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DEMOfallO?  this  week 

Cool  stuff  at  DEMOfall07  includes  gladiator 


THE  LAUNCHPAD  FOR  EMERGING  TECHNOLOGY  contests  and  3D  virtuality  creations.  Pages  12,  26| 
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Nortel 

,  change- 
4  up 

Nortel’s 

)  new 
enter¬ 
prise  boss  is  expect¬ 
ed  to  move  fast  on 
unified  communica¬ 
tions,  multimedia 
applications.  Page  16. 


ITIL  appeal 

There's  a  payoff  for 
streamlining  IT 
processes,  but  also 
lots  of  headaches. 
Veterans  share  tips 
for  success.  Page  22. 


lesperately 
seeking  mobile 
ecurity  standards 

)espite  official  urg- 
ig,  telecommuting 
dthin  federal  agen- 
ies  is  languishing,  in 
•art  because  stan- 
lards  don’t  exist  for 
ecuring  telecom- 
nuters.  Page  32. 
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Ameritrade  had 

plenty  of 
red  flags. 

Page  50. 
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Credit  card 
security 
standard 
still  shifting 


BY  ELLEN  MESSMER 

With  some  Payment  Card 
Industry  Data  Security  Standard 
deadlines  less  than  a  week  away 
credit  card  businesses  are  under 
the  gun,  some  spending  hun¬ 
dreds  of  thousands  of  dollars  to 
prove  compliance. 

Even  if  they  make  it  now,  PCI 
compliance  is  a  moving  target 
with  more  requirements  on  the 
way  for  next  year. 

PCI  DSS  1.1  is  a  set  of  12  secu¬ 
rity  requirements  issued  by  the 
PCI  Security  Standards  Council 
last  year  for  protecting  card  data. 
Businesses  must  show  PCI  com¬ 
pliance  by  either  Sept.  30  or  Dec. 
31  —  depending  on  what  they’ve 
been  told  to  do  by  their  banks  — 
or  face  fines  or  higher  rates 
levied  by  Visa,  MasterCard  and 
the  banks  pushing  the  standard. 

Even  as  businesses  struggle  to 
make  the  grade,  letting  their  net¬ 
works  and  business  processes  be 
inspected  by  the  70  or  so  quali¬ 
fied  security  assessors  (QSA) 
trained  under  the  council’s  pro¬ 
gram  for  evaluating  PCI  compli¬ 
ance,  additional  security  require 
ments  are  probable  for  next  year. 

At  the  PCI  Security  Standards 
Council  2007  Community 
Meeting  held  last  week  in 
See  PCI,  page  20 
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THERE  IS  A  WILLINGNESS  TO  SACRIFICE  SOME  POTENTIAL  INCOME 

FOR  THE  ABILITY  TO  DO  WHAT  I  LIKE.  I  WOULD  SAY  THAT’S  PROBABLY  ABOUT 

10  TO  20%.”  —  David  Lampert,  network  operations  manager, 
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SALARY  CALCULATOR 

Get  a  personal  estimate  of  how  much  you  should 
be  making,  www.nwdocfinder.com/1721 

SEE  IT  ON  A  MAP. 

A  regional  review  of  salaries,  bonuses  and  hot  skills. 
www.nwdocfinder.com/1722 

STATS  GALLERY 

Assess  your  salary  with  detailed  breakouts  on  total 
compensation,  bonuses,  hot  skills,  loyalty  and  job  satisfaction. 
www.nwdocfinder.com/1724 

CERTIFICATION  ADVICE 

Our  bloggers  discuss  Cisco  and  Microsoft  technology  training  issues. 
www.nwdocfinder.com/1732  I  www.nwdocfinder.com/1731 


GOT  QUESTIONS? 

Join  a  text  chat  on  the  IT  job  market. 
www.nwdocfinder.com/1723 
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_DAY  79:  This  is  out  of  control!  Our  IT  environment  is  rigid 
and  inflexible.  Our  business  needs  are  changing,  but  our 
environment  isn’t  built  to  change  with  them.  We  can’t  adapt. 

Oh,  no... I  was  afraid  of  this.  We’re  so  rigid  we’re  stuck  in  time. 

_Infrastructurus  prehistoricus.  I’ve  read  about  this. 

_DAY  80:  I’m  taking  back  control  with  IBM  SOA  solutions.  Now 
we  can  align  business  goals  with  our  IT.  We  have  the  hardware, 
software  and  services  we  need  to  respond  to  change.  Strategy, 
planning  and  implementation  are  in  tune  with  our  specific 
business  needs.  Now  we  can  deploy  and  update  business  processes 
faster  and  more  efficiently. 

.Goodbye,  rigid  past.  Hello,  flexible  future. 


Take  the  SOA  business  value  assessment  at: 

IBM.COM/TAKEBACKCONTROL/SOA 


You  strive  to  exceed  your 
client's  expectations.  Start  by  choosing 

Network  that  exceeds  yours. 


Verizon  Wireless,  America's  most  reliable  wireless  broadband  network, 

works  with  you  and  your  existing  systems  to  help  you  give  your  clients  expert  service. 


•  Conduct  business  wirelessly  at  broadband  speeds  on  devices  like  the  BlackBerry  7130e7  the  Motorola  Q,™  the  Palm  Treo  /OOw™  or  from  your  laptop. 

•  Access  and  update  your  schedule  and  contacts,  send  emails  and  use  company  applications — all  directly  from  your  smartphone, 

•  Work  remotely  from  your  laptop  and  connect  to  your  company  intranet  to  be  able  to  easily  send  large  files. 

•  Improve  communications  between  the  office  and  clientele  on  the  go  with  simple,  reliable  wireless  solutions  from  Verizon  Wireless. 


t ; ,  , 


li. 


Visit  verizonwireless.com/business  or  call  1.800.VZW.4  BIZ 


: 


(899.4249) 


VGtl  OH  wireless 

4  ,:  ;  " 

k,I  .  broadband  network  is  available  in  242  major  metropolitan  areas  in  the  U.S.  Offers  and  coverage  not  available  everywhere.  Network  details  &  coverage  maps  at  verizonwireless.com.  America's  most  reliable  wireless  network  claim 

E.2J- ■  ■■$*4  *»>  ftwe»  aggregate  blocked, and  dropped  connections.  See  verizonwireless.com/bestnetwork  for  details. ;  2007  Verizon  Wireless 
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NETWORK  INFRASTRUCTURE 

12  Event  to  showcase  cutting  edge. 

16  New  Nortel  exec  to  reform  Enterprise. 

18  Opinion  Scott  Bradner:  Immortal  — 
and  ubiquitous  —  digital  bread  crumbs. 

28  Opinion  Linda  Musthaler:  IT  on  a 

shoestring  budget. 

50  Opinion  ‘Net  Buzz:  Ameritrade  had 
plenty  of  warning  —  as  far  back  as 
January  2006  —  yet  couldn’t  plug  data 
leak. 

ENTERPRISE  COMPUTING _ 

14  IT  grapples  with  heat,  overcrowding. 

50  Opinion  BackSpin:  Dealing  with 
Hippos. 

APPLICATION  SERVICES 

13  No  price  hike  for  SQL  Server  2008. 

13  More  change  ahead  for  Network 
General  users. 

19  Gartner  touts  Web  2.0,  scoffs  at  3.0. 
22  Making  better  processes  pay  off. 

28  IBM  challenges  Office  with  free  apps. 
34  Daylight-saving  time  issue  redux. 

SERVICE  PROVIDERS 

30  Opinion  Johna  Till  Johnson:  One, 
two,  three  screens  won’t  be  enough. 


COOL 

■  Being  stress- 
free  is  a  game 
with  the  Personal 
Input  Pod. 

See  Cool  Tools, 
page  26. 


TECH  UPDATE 

24  Using  virtualization  to  boost  efficiency. 

26  Mark  Gibbs:  PHP,  WAMP  and 
XAMPP,  oh  my. 

26  Keith  Shaw:  Another  DEMO, 
another  batch  of  ‘cool’. 

NET.W0RKER _ 

32  Federal  CISOs  seek  mobile  security. 

NETW0RKW0RLD.COM 

11  Catch  up  on  the  latest  online  stories, 
blogs,  newsletters  and  video. 


■  CONTACT  Network  World,  118Turnpike  Road, 
Southborough,  MA  01772;  Phone:  (508)  460-3333;  E- 
mail:  nwnews@nww.com;  ■  REPRINTS:  (717)  399-1900; 

■  SUBSCRIPTIONS:  Phone  (508)  490-6444;  E-mail: 
nwcirc@nww.com;  URL:  www.subscribenw.com 
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STATS  GALLERY  Assess  your  salary  with  detailed  breakouts  on  total  compensation,  bonuses, 
hot  skills,  loyalty  and  job  satisfaction,  www.nwdocfinder.com/1724 


CERTIFICATION  ADVICE  Our  bloggers  discuss  Cisco  and  Microsoft  technology  training  issues. 
www.nwdocfinder.com/1732  I  www.nwdocfinder.com/1731 
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GOODBADUGLY 

Happy  birthday,  Smiley.  ► 

The  smiley  face 
emoticon  (:-)) 
turned  25  years 
old  last  week. 

Carnegie  Mellon 
University  professor  Scott 
Fahlman  claims  to  be  the  first  to  have 
used  the  smiley  face  in  a  message. 

This  marks  the  first  time  we've  typed  it 
into  GBU. 

Microsoft  not  only  loser  in  this 
case?  An  industry  group  on 
Microsoft’s  side  said  the  European 
Union’s  second-highest  court  ruling  last 
week  that  dismissed  the  company’s 
appeal  of  the  antitrust  case  was  bad  for 
small  and  midsize  businesses.  "[SMBs] 
and  consumers  will  actually  foot  the  bill. 
Microsoft  did  not  win  today,  but  it  is 
European  software  developers  and  con¬ 
sumers  that  really  lost,"  said  Jonathan 
Zuck,  president  of  the  Association  for 
Competitive  Technology. 

Fewer  breaches,  but  worse.  The 
number  of  reported  security  breaches 
is  down,  yet  the  average  severity  of 
breaches  has  doubled,  according  to  a 
new  study.The  Computing  Technology 
Industry  Association  (CompTIA)  study, 
based  on  data  collected  from  more 
than  1,000  IT  professionals,  revealed 
that  34%  of  organizations  reported  a 
major  security  breach  in  2006,  down 
from  38%  in  2005  and  58%  in  2004. 
Respondents,  however,  rated  the  aver¬ 
age  severity  of  breaches  as  4.8  (with  10 
being  most  severe),  up  from  2.3  to  2.6  in 
previous  years. 


p  »LL 

A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 

Have  you,  or  will  you  be,  hiring  new  IT 
staff  in  2007? 


Total  respondents  for  this  poll,  all  with  hiring 
authority:  1,073 

SOURCE:  NETWORK  WORLD'S  2007  SALARY  SURVEY 

Vote  and  discuss:  www.nwdocfinder.com/1724 
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Why  802.1  In  won’t  replace 
cables  any  time  soon 

Re:  Does  802.1  In  spell  the  ‘end  of  Ethernet’? 
(www.nwdocfinder.com/1 733): 

One  aspect  not  often  discussed  is  the  diffi¬ 
culty  with  configuring  and  managing  the 
client  devices.  We  all  take  Ethernet  client  con¬ 
nectivity  for  granted.  Pick  pretty  much  any  sys¬ 
tem  and  hardware,  and  you  can  expect  an 
Ethernet  jack  to  work,  and  that’s  been  the  case 
for  many  years. 

That’s  not  the  case  with  wireless  LAN,  and 
it’s  unlikely  to 
become  the  case 
any  time  soon.  In  the 
last  six  years  we’ve 
gone  from  static 
[Wired  Equivalent 
Privacy]  to  dynamic 
WEP/802.1X  to 
[Lightweight  Exten¬ 
sible  Authentication 
Protocol]  to  [Wi-Fi 
Protected  Access]  to 

WPA2  in  terms  of  access  control  and  en¬ 
cryption.  For  authentication  we’ve  argued 
about  LEAP/ [Microsoft’s  challenge-hand- 
shake  authentication  protocol],  [Protected 
Extensible  Authentication  Protocol] vO, 
PEAPvl,  [Tunnelled  Transport  Layer 
Security],  and  now  we  have  PEAP-[Type- 
Length-Value],  never  mind  all  of  the  inner 
EAP  types. 

And  all  of  this  changes  every  year,  making 
whatever  you  deployed  last  year  a  legacy  sys¬ 
tem  you  now  have  to  upgrade.  When  you  can 
show  me  a  client  system  (with  a  software  sup¬ 
plicant)  that’s  stable  and  doesn’t  need  replace¬ 
ment  over  a  period  of  two  years,  I’ll  be  more 
inclined  to  stop  deploying  wires  everywhere. 

Right  now,  wireless  is  a  supplement  to  wired 
networking  that  enables  mobility,  but  the  only 
reason  its  failings  are  tolerated  in  any  large 
enterprise  is  because  there  is  a  wired  jack 
nearby  to  fall  back  to. 

Paul  Dodd 

Discuss  at  www.nwdocfinder.com/1734 


A  complex  issue 


**The  only  reason  [wire¬ 
less’s]  failings  are  tolerated  in 
any  large  enterprise  is 
because  there  is  a  wired  jack 
nearby  to  fall  back  to.55 
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►  SPECIAL  NETWORK  WORLD  FEATURE 


SCAN  THIS  CODE 
with  your  cell 
phone  to  get  the 
latest  IT  network 
news  delivered  to 
your  cellular 
device. 


■  ■ 


■  ■■  ■ 
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■  ■ 

■  ■ 
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i  ■■■ 
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To  get  the  client 
software,  use  your  phone  browser  to 
visit  wap.connexto.com 

For  more  information  on  code  scanning 
see  www.nww.com/codescan 
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Re:  Complex  event  processing:  still  on  the 
launch  pad  (www.nwdocfinder.com/1735): 

CEP  is  an  enabling  technology  —  a  com¬ 
puting  paradigm.  It  will  touch  on  all  areas  of 
computing,  and  end  up  as  pervasive  as  data¬ 
base  technology. 

So  I’ve  no  doubt  that  business-intelligence 
vendors  will  use  CEPSo  will  algorithmic  trad¬ 
ing  solutions,  intrusion  detection,  fraud 
detection,  [business-activity  monitoring], etc. 
In  fact,  many  solutions  today  already  do. 

Many  of  the  vendors 
you  listed  have  wide¬ 
ly  diverse  solutions 
that  in  many  cases 
don’t  compete  with 
each  other  —  that 
would  be  a  bit  like 
assuming  that  any 
vendor  that  uses  a 
database  must  com¬ 
pete  with  every  other 
vendor  that  also  uses 

a  database. 

So  if  CEP  is  still  on  the  launch  pad  with 
regard  to  business-intelligence  vendors,  that’s 
really  a  matter  for  business-intelligence  ven¬ 
dors  to  understand  how  to  use  CEP  technol¬ 
ogy  It  is  definitely  not  true  for  other  solution 
areas  —  go  check  out  CEP  in  Algorithmic 
Trading  solutions. :-) 

Brian  Connell 
CTO ;  WestGlobal 

Discuss  at  www.nwdocfinder.com/1736 


A  reason  to  adopt  IPv6 

Re:  One  less  reason  to  adopt  IPv6?  (www.nw 
docfinder.com/1 737): 

Almost  since  IPv6’s  inception,  the  intention 
has  been  that  there  would  be  two  configura¬ 
tion  methods;  stateless  autoconfiguration 
and  DHCPv6. 

In  many  situations,  stateless  autoconfigura¬ 
tion  is  adequate.  When  additional  configura¬ 
tion  options  are  required  or  when  an  organi¬ 
zation  prefers  stateful  configuration,  DHCPv6 
can  be  employed. 

These  mechanisms  are  complementary  and 
are  in  no  way  in  conflict.  Having  two  configu¬ 
ration  mechanisms  is  in  no  way  a  “reason  not 
to  adopt  IPv6”, just  as  having  a  manual  or  auto¬ 
matic  car  is  not  a  reason  to  not  use  cars! 

Sadly,  many  of  the  supposed  issues  raised  in 
the  article  are  not  issues  at  all,  or  are  identical 
to  the  issues  in  IPv4. 

David  Holder 

Discuss  at  www.nwdocfinder.com/1738 

E-mail  letters  to  jdix@nww.com  or  send  them  to 
John  Dix,  editor  in  chief,  Network  World,  118 
Turnpike  Road,  Southborough,  MA  01 772.  Please 
include  phone  number  and  address  for  verification 
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_DAY  82:  There  are  so  many  risks  out  there.  Traffic  spikes, 
natural  disasters,  mergers.  How  do  we  prepare?  One  in  three 
companies  don’t  recover  from  unplanned  downtime.1  Would  we? 

_Gil  wrapped  everything  with  bubble  wrap.  Just  to  be  safe. 

_DAY  83:  I’m  preparing  with  IBM  Business  Resilience 
Solutions.  IBM  Business  Continuity  Services  help  us 
assess  our  risks  and  design  a  proactive  plan  to  deal  with 
them.  IBM  Tivoli  gives  us  the  visibility  to  diagnose  and 
fix  infrastructure  problems.  And  the  robust  availability 
features  of  the  IBM  System  p™  give  us  maximum  uptime. 

_No  more  bubble  wrap.  And  I  have  to  mail  a  package.  Great. 


■  ' 


'.N 


Take  the  business  continuity  assessment  at: 

IBM.COM/TAKEBACKCONTROL/READY 


Tivoli. 


Source:  '  Business  Continuity  Unwrapped,”  Continuity  Central,  2006.  www.continuitycentral.com/feature0358.htm.  I8M.  the  IBM  logo.  System  p.  Take  Back  Control  and  Tivoli  are  tr, 
registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2007  IBM  Corporation.  All  rights  reserved. 


NETWORKWORLD.COM 

Follow  these  links  to  more  resources  online 


INTERVIEWS,  TIE  COOLEST  TOOLS  AND  MORE 


VIDEO  INTERVIEW: 


SECURITY  BUZZ: 


like 


Speaking  with 
Whitfield  Diffie 

Network  World’sTim 
Greene  talks  with 
Whitfield  Diffie,  Sun 
Fellow,  CSO  and  noted 
cryptographer,  about 
open  source  in  the 
enterprise,  security  and 
more. 

www.nwdocfinder.com/1 747 


Experts  Sound  Off 
on  Security 

Speakers  at  the 
Security  Standard  con¬ 
ference  weigh  in  on 
what  they  feel  is  today’s 
biggest  security  threat. 
Featuring:  Steve  Hanna 
(Juniper),  above,  and 
Richard  Palmer  (Cisco). 

www.nwdocfinder.com/1 748 


NETWORK  WORLD  360: 

•  360 

Get  your  Daily  News 
Fix! 

The  Network  World  360 
podcast  now  offers  a 
daily  dose  of  network¬ 
ing  news.  Network 
World  editors  bring  you 
the  top  stories  each  day 
for  your  listening 
pleasure. 

www.nwdocfinder.com/1 
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NEWSLETTERS 


Scanning  on  port  80P 


I BLOGOSPHERE 


■  Cisco  snags  Cognito.  Wireless  industry 
icon  Craig  Mathias  has  launched  a  new  blog 
on  Network  World.  His  thoughts  on  the  Cisco 
purchase  of  Cognito:  “Spectrum  Expert  is  a 
PC-based  hardware/software  tool  that  can 
quickly  identify  what's  going  on  in  the  2.4  and 
5GHz  spectrum  occupied  by  Wi-Fi,  and  it  has 
saved  my  butt  more  times  than  I  can  remem¬ 
ber  .  .  .  think  about  the  possibilities  here. 
While  any  Wi-Fi  radio  can  see  potential  inter¬ 
ference  from  other  Wi-Fi  devices,  they  can’t 
see  non-Wi-Fi  traffic  at  all.  That's  where 
Cognio  comes  in  —  they  build  a  spectrum- 
analyzer-on-a-chip  called  SAgE  (Spectrum 
Analysis  Engine),  and  just  imagine  how  good 
a  job  we  could  do  with  in  setting  channel 
assignments  and  transmit  power  levels  if  we 
knew  what  else  was  happening  in  the  air." 
www.nwdocfinder.com/1743 

■  Managing  VMware  infrastructure 
with  Windows  PowerShell  (in  the 

future).  Microsoft  Subnet  blogger  Tyson 
Kopczynski:  "A  little  birdie  told  me  this  today. 
Well,  actually  his  name  is  Dmitry.  Anyhow,  I 
never  thought  that  I  would  seethe  day.  I  know 
people  have  been  managing  VMware  infra¬ 
structure  with  some  custom  PowerShell 
scripts.  But,  to  think  that  there  may  soon  be 
glorious  cmdlets  from  which  I  can  unleash  the 
hounds  of  PowerShell  automation  upon 
VMware-based  data  centers.  Well,  I’m 
shocked. . . .  “ 

www.nwdocfinder.com/1744 

■  Cisco  engineers  with  top-secret 
security  clearances  are  available  for 
hire.  Cisco  Subnet  blogger  Brad  Reese 
writes:  “In  the  not  too  distant  past,  hiring 
managers  contacted  me  regarding  the  avail¬ 
ability  of  Cisco  certified  network  engineers 
who  possess  highly  coveted  top  secret  secu¬ 
rity  clearances."  He  offers  a  list  of  qualified 
top-secret  engineers  available  for  hire  and 
links  to  where  you  might  find  the  names  of  219 
more  from  43  countries. 
www.nwdocfinder.com/1745 

■  New  crimeware  stats.  Deb  Radcliff 
has  got  the  latest  word  on  bots,  Trojans  and 
denial-of-service  attacks.  These  are  the  top 
three  offenders  in  the  world  of  cybercrime, 
she  writes:  “Secure  Computing’s  Trends  Re¬ 
port  for  August  states  that:  Spam  made  up 
89%  of  all  e-mail.Trojan  Horses  made  up  78% 
of  all  newly  detected  malicious  code.  Trojan 
horses  are  hidden  malicious  applications 
hidden  inside  downloadable  executable  files, 
such  as  iFrame  and  other  types  of  anima¬ 
tions.  Ninety-seven  percent  of  all  malware 
came  in  the  form  of  Windows  Executables. 
www.nwdocfinder.com/1746 


Wi-Fi  guest-access  strategies 

Wide-area  networking:  A  recent  newslet¬ 
ter  described  what  we  referred  to  as  the  port 
80  black  hole.There  is  a  growing  number  of 
applications,  including  peer-to-peer  software 
such  as  Skype  and  AOL  Instant  Messenger, 
that  use  port  80  but  most  IT  organizations 
don’t  have  the  ability  to  distinguish  between 
the  applications  that  use  port  80.  As  a  result,  IT 
organizations  are  vulnerable  to  security 
breaches,  cannot  comply  with  government 
and  industry  regulations,  are  open  to  being 
charged  with  breaking  copyright  laws,  and 
will  struggle  to  manage  the  performance  of 
key  business-critical,  time-sensitive  applica¬ 
tions.  One  response  to  that  newsletter  was 
from  Jim  Frey  vice  president  of  marketing  at 
NetScout  Systems.  Frey  wrote: “As  longstanding 
readers  of  your  newsletter  your  Sept.  6, 2007, 
issue  was  of  particular  relevance. You  pointed 
out  a  number  of  applications  that  hop  their 
way  through  the  network,  very  adeptly  avoid¬ 
ing  port  80  at  times,  other  times  they  are  sim¬ 
ply ‘hiding  in  plain  sightl’There  are  also  some 
complex  applications  that  traverse  port  80, 
like  the  Financial  Information  exchange  (FIX) 
protocol-based  applications  for  electronic 
financial  trading  services.”  Frey  went  on  to  say: 
“One  thought  that  hit  us,  as  your  conclusion 
discusses  ways  to  handle  AIM  or  Skype,  is  to 
determine  your  company’s  policy  on 


whether  to  block  these  services  in  your  own 
network  —  but  how  do  you  know  if  you  have 
these  services  in  your  network? 

www.nwdocfinder.com/1740 

Wireless  in  the  enterprise:  I  mentioned 
last  time  some  of  the  Wi-Fi  mobility  woes  I 
experienced  on  a  recent  weeklong  business 
trip.  One  in  a  series  of  snafus  was  the  impossi¬ 
bility  of  getting  on-the-fly  guest  Internet  access 
at  a  client  company  1  was  visiting.The  issue  at 
hand  is  getting  the  temporary  guest  —  be  it  a 
contractor,  business  partner  or  customer  — 
sanctioned  in  the  user  database  and  issued  a 
username  and  password.  Generally  this 
requires  planning  ahead  and  involvement  of 
the  IT  staff.  Because  IT  staffers  already  have 
plenty  to  do,  this  takes  time  and  certainly  tem¬ 
pers  a  company’s  flexibility  to  accommodate 
drop-in  colleagues.  Some  progress  is  being 
made.Wi-Fi  systems  maker  Trapeze  Networks 
recently  launched  SmartPass  to  hasten  getting 
a  guest  signed  up  for  wireless  Internet  access. 
The  system  has  two  levels  of  access:  one  for 
non-IT  personnel,  which  is  limited  to  creating 
a  guest  pass  for  someone  that  lasts  a  number 
of  hours,  days,  or  weeks.The  other  is  for  IT 
personnel,  who  have  more  granular  control 
over  user  access,  data,  and  records. 
www.nwdocfinder.com/1741 
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CAPITAL 

EQUIPMENT 

COSTS 


BUT  WHAT'S  $14,100,000  BETWEEN  OLD  FRIENDS? 


Details  available  online  atwww.fouhdrynet.com/believen  Copyright  ©  2007  Foundry  Networks,  Inc.  Ail  rights  reserved.  All  other  trademarks  property  of  their  respective  owners. 
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BECOME  A  BELIEVER 


Introducing  the  first  and  only  128-port,  10GbE  single  chassis  backbone  router. The 
Netlron  XMR  32000.  It  costs  about  1/1 0th  the  price  of  a  similar  port  configuration  from 
Cisco's  CRS-1*.  And  it  saves  you  even  more  after  the  purchase.  It  requires  less  energy  to 
operate,  less  cooling  to  function  and  less  space  in  your  POP/Datacenter.  In  case  you  were 
wondering,  it's  dramatically  less  expensive  than  Juniper,  too.  It  also  comes  with  high 
availability,  rich  !Pv4/IPv6/MPLS  routing  features,  Ethernet  and  Packet  over  SONET 
interfaces  and  sophisticated  security  and  QoS  functionalities  you'd  expect  of  a  world 
class  backbone  router. The  Netlron  XMR  32000  delivers  it  all  along  with  3.2 Tbps 
throughput  and  wire-speed  in  every  port.  See  it  for  yourself  at  foundrynet.com/believer 


FOUNDRY 

NETWORKS 

The  Power  of  Performance™ 


X 


.INFRASTRUCTURE  LOG 

_DAY  75:  These  cables  are  everywhere!!  Connecting 
underutilized  servers  to  more  underutilized  servers. 
Our  energy  usage  is  out  of  control!! 

_DAY  77:  I  found  a  way  out  of  this  mess:  the  super¬ 
efficient  IBM  BladeCenterf  It  helps  us  manage  power 
and  cooling  usage  with  intelligent  Cool  Blue™ 
technology.  And  with  its  Dual-core  Intel®  Xeon® 
processor,  we  won’t  have  to  sacrifice  performance  for 
efficiency.  So  out  with  cables,  in  with  blades. 

_DAY  79:  Gil’s  stuck  under  the  ball.  Tried  calling  his  wife. 
Turns  out  the  photo  of  his  family  came  with  the  frame. 


Xeon* 


inside " 


Dual-core. 
Do  more. 


IBM,  the  IBM  logo.  Cool  Blue  and  BladeCenter  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries. 
Intel,  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and/or  other  countries.  Other 
company  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2007  IBM  Corporation.  All  rights  reserved. 
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■  Follow  these  links  to  more  resources  online 


VMware  bugs  spotlight  security 


Aset  of  newly  discovered  flaws  in  components  of  VMware’s  virtual-machine 
software  has  called  attention  to  the  security  risks  associated  with  running  vir¬ 
tual  computers  on  a  single  system.VMware  has  updated  its  products  to  fix  the 
bugs,  disclosed  last  week,  but  users  who  have  not  updated  their  software  could 
face  serious  security  risks  because  of  a  trio  of  flaws  in  the  DHCP  server  that  ships 
with  VMware.The  DHCP  software  is  used  to  assign  IP  addresses  to  the  different  vir¬ 
tual  machines  running  within  VMware,  but  IBM  researchers  discovered  it  can  be 
exploited  to  gain  control  of  the  computer.“By  exploiting  this  vulnerability  you  get 
complete  control  of  any  of  the  machines  that  are  running  on  that  virtual  environ¬ 
ment,”  said  Tom  Cross,  an  IBM  researcher.www.nwdocfinder.com/1755 


SCO  admits  survival  uncertain.  With 
its  cash  reserves  running  out  and  its  legal 
case  against  IBM  unraveling,  the  SCO  Group 
now  says  there  is  doubt  that  it  will  remain 
afloat.  SCO  made  the  statement  in  its  most 
recent  quarterly  U.S.  Securities  and  Exchange 
Commission  statement,  filed  last  week.The 
company  cited  its  recent  motion  for  Chapter 
1 1  bankruptcy  protection,  as  well  as  a  court 
setback  relating  to  its  intellectual-property 
claims,  as  reasons  for  worry  Last  month  a  U.S. 
District  Court  judge  ruled  against  SCO  on  sev¬ 
eral  motions,  finding  that  Novell,  rather  than 
SCO,  owned  the  Unix  copyright.  Novell  had 
sold  SCO  some  Unix  rights  in  the  mid-1990s, 
but  the  court  said  that  copyright  was  never 
assigned.“As  a  result  of  both  the  Court’s 
August  10,2007  ruling  and  the  Company’s 
entry  into  Chapter  1 1 ,  there  is  substantial 
doubt  about  the  Company’s  ability  to  con¬ 
tinue  as  a  growing  concern,”  SCO  said  in  the 
filing,  www.nwdocfinder.com/1756 

Sprint  launches  home  cells  to  boost 
signals.  Underdog  mobile  operator  Sprint 
Nextel  quietly  rolled  out  an  emerging  tech¬ 
nology  last  week  to  give  customers  a  strong 
cellular  signal  and  flat-rate  calling  at  home.  In 
parts  of  Denver  and  Indianapolis,  Sprint 
began  selling  a  femtocell,a  small  cellular 
base  station  that  provides  service  specifically 
to  a  customer’s  home. The  Sprint  Airave,  made 
by  Samsung,  costs  $49.99  and  is  designed  for 
people  to  install  in  their  own  homes  by  plug¬ 
ging  it  into  a  broadband  Internet  connection. 
Then  they  can  pay  a  flat  monthly  rate  —  $15 
for  an  individual  and  $30  for  a  family  —  for 
unlimited  local  and  nationwide  long-distance 
calls  while  at  home. The  Airave  works  with 
any  Sprint  handset.  When  the  subscriber 
leaves  home,  a  call  will  shift  over  automati¬ 
cally  to  the  outside  cellular  network. 
www.nwdocfinder.com/1757 

Gartner:  Open  source  impossible  to 
avoid.  You  can  try  to  avoid  open  source,  but 
it’s  probably  easier  to  get  out  of  the  IT  busi¬ 
ness  altogether.  By  201 1,  at  least  80%  of  com¬ 


mercial  software  will  contain  significant 
amounts  of  open  source  code,  according  to 
Gartner.  For  enterprises,  the  important  thing  is 
to  set  guidelines  on  where  and  when  open 
source  products  are  to  be  used,  said  Gartner 
Analyst  Mark  Driver  at  the  firm’s  Open  Source 
Summit  in  Las  Vegas  last  week.  IT  shops  are 
scrambling  to  set  open  source  policies,  but 
almost  no  one  has  implemented  one  with 
any  teeth,  he  said.  It’s  better  to  avoid  open 
source  altogether  than  not  to  supervise  its 
adoption,  according  to  Driver. 
www.nwdocfinder.com/1758 

Rackable  gives  portable  data  center 
a  spin.  Rackable  Systems  unveiled  its 
answer  to  Sun’s  Project  Blackbox,  a  shipping 
container  full  of  computer  equipment  ready 
to  power  up  as  a  portable  data  center. 
Rackable  parked  its  product,  ICE  Cube,  across 
the  street  from  the  Moscone  Center  in  San 


Francisco,  the  site  of  last  week’s  Intel 
Developer  Forum,  and  gave  tours.  Both  ICE 
Cube  and  Blackbox  cram  servers,  storage  and 
related  equipment  into  a  shipping  container 
that  can  be  brought  to  a  site,  plugged  in  and 
started  up.  Hardware  is  stacked  up  on  both 
sides  of  the  container  with  a  narrow  hallway 
down  the  middle  for  technicians  to  maintain 
the  equipment.  ICE  is  an  acronym  for 
Integrated  Concentro  Environment. 
www.nwdocfinder.com/1759 

Cybercrime  up,  software  vulnerabili¬ 
ties  down.  The  number  of  software  vulnera¬ 
bilities  recorded  in  the  first  half  of  this  year 
declined,  while  the  use  of  cybercrime  toolkits 
accelerated,  according  to  separate  IBM  and 
Symantec  risk-assessment  reports.  IBM’s  ISS 
division  provided  its  semiannual  count  of  the 


number  of  new  software  vulnerabilities  — 
which  decreased  3.3%  to  3,273  compared 
with  the  same  period  last  year  —  and 
Symantec  updated  its  biannual  Internet 
Security  Threat  Report.  According  to  the  ISS 
report,  attackers  are  concentrating  on  Web- 
based  exploits  that  take  advantage  of  critical 
vulnerabilities,  including  16  vulnerabilities 
that  required  patching  in  Internet  Explorer 
and  22  vulnerabilities  in  the  Firefox  browser 
found  during  the  first  half  of  2007.  Symantec 
notes  in  its  report  that  cybercrime  is  increas¬ 
ingly  professionalized,  because  of  the  rise  of 
cybercrime  toolkits,  such  as  MPack. 
www.nwdocfinder.com/1760 


Spotlight  BUYOUTS 

The  risky  business  of  acquisi¬ 
tions.  Cisco  has  made  16  acquisitions 
in  the  past  two  years,  and  statistically 
speaking,  it's  likely  one  to  four  of  them 
will  fail.  "Approximately  a  quarter  of  our 
acquisitions  don't  work,”  Cisco’s  Senior 
Vice  President  Howard  Charney  told 
attendees  at  the  company’s  Networkers 
show  in  Australia  last  week.  Charney 
didn’t  name  specific  companies,  but 
added  that  even  the  failed  acquisitions 
were  still  beneficial  because  they  deliv¬ 
ered  new  intellectual  property,  staff  and 
users  to  Cisco. The  company’s  most 
notable  acquisition-strategy  failure 
involved  optical  networking;  problems  in 
that  technology  area  surfaced  soon 
after  Cisco’s  purchase  of  Monterey 
Networks  in  1999. 
www.nwdocfinder.com/1753 

Cisco  to  acquire  Cognio.  Cisco  last 
week  said  it  will  purchase  privately  held 
Cognio,  a  maker  of  spectrum-analysis 
and  management  systems  for  wireless 
networks. Terms  of  the  acquisition  were 
not  disclosed.  Cognio  develops  prod¬ 
ucts  to  detect  and  mitigate  sources  of 
radio  frequency  interference  in  corpo¬ 
rate  wireless  networks.  Reduced  inter¬ 
ference  translates  to  better  perform¬ 
ance  for  mobile  applications,  Cisco 
says.The  Cognio  acquisition  is  ex¬ 
pected  to  close  in  the  first  quarter  of 
Cisco’s  2008  fiscal  year,  which  began 
last  month.The  deal  will  be  acquisition 
No.  122  for  Cisco. 
www.nwdocfinder.com/1754 
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Event  to  showcase  cutting  edge 


BY  JON  BRODKIN 

Network  executives  looking  for  new  and 
innovative  enterprise  IT  products  will  en¬ 
counter  food  for  thought  at  DEMOfall07 
(www.nwdocfinder.com/1278),  a  launch  pad 
event  for  emerging  technology  that  kicks  off 
Monday,  Sept.  24. 

Here’s  a  quick  look 
at  some  of  the  prod¬ 
ucts  that  will  be  un¬ 
veiled. 

Ever  wish  you  could 
fix  a  smart  phone  for 
a  user  who’s  out  of  the  office?  LogMeln  (www. 
nwdocfinder.com/1279),  which  launched  two 
years  ago  to  provide  remote  access  to  PCs,  is 
introducing  a  product  that  lets  IT  support  tech¬ 
nicians  see  and  access  the  user’s  smart  phone 
from  their  own  computer  screens. 

LogMeln  Rescue  +  Mobile  works  like  this:  A 
support  technician  directs  the  device  owner  to 
www.rescuemobile.com,  where  a  small  applet 
is  downloaded  to  the  mobile  device  and  the 
user  is  given  a  connection  code  that  securely 
links  the  technician  to  the  phone. 

Technicians  can  manipulate  a  phone’s  key¬ 
pad  as  if  they  were  holding  it  in  their  hands,  let¬ 
ting  them  fix  bugs,  update  software,  configure 
settings  or  train  users. 

The  mobile  service  supports  smart  phones 
running  the  Microsoft  Windows  Mobile  operat¬ 
ing  system.  Later  versions  will  support  the 
Symbian  and  BlackBerry  operating  systems, 
according  to  LogMeln. 

Another  DEMO  announcement  aims  at  mak¬ 
ing  geospatial  information  on  municipalities 
more  accurate  and  available  in  higher  resolu¬ 
tion.  Earthmine  says  it  is  using  new  technology 
to  map  every  road, alley  and  freeway  in  munic¬ 
ipalities,  and  provide  tools  for  viewing  and 
using  spatial  data. 

Earthmine  says  current  sources  of  spatial 
information  for  urban  environments  are  often 
out-of-date  or  of  poor  resolution.  The  vendor 
says  its  technology  will  assist  complex  deci¬ 
sion  making  in  government  and  commercial 
enterprises. 

“Earthmine  just  might  be  the  key  to  mak¬ 
ing  the  promise  of  the  GeoWeb  a  reality” says 
DEMO  Executive  Producer  Chris  Shipley  in  a 
press  release.  “With  its  unique  ability  to  put 
complex  geospatial  data  in  a  context  that 
anyone  can  understand,  Earthmine  is 
enabling  a  whole  new  generation  of  map¬ 
ping  applications.” 

Earthmine’s  technology  which  it  calls  “reality 
indexing,”  integrates  hardware,  software  and 
workflow  programs  to  deliver  street-level 
geospatial  data  through  a  Web  interface.  High- 
resolution  panoramic  images  in  three  dimen¬ 
sions  can  be  collected  for  entire  metropolitan 
areas  by  teams  of  drivers  within  weeks. 

Earthmine  expects  to  begin  beta  testing  by 


year-end.  The  company  plans  to  target  cities 
and  enterprises  with  heavy  reliance  on  GIS  that 
need  to  analyze  information  related  to  urban 
environments. 

In  more  DEMO  news,  e-mail  collaboration 
and  data  integration  are  being  targeted  by  a 

product  announced 
by  Prolify 

Prolify  is  unveiling 
an  add-on  to  Microsoft 
Outlook  that  lets  infor¬ 
mation  workers  col¬ 
laborate  and  manage 
all  their  tasks  within  e-mail,  and  gives  managers 
real-time  status  updates  for  projects. With  a  data 
integration  bridge,  Prolify  connects  email  to 
CRM,ERP  and  other  applications,  removing  the 
need  for  manual  updates  and  information 
retrieval. 

“Prolify  enhances  e-mail  so  it  works  proper¬ 
ly  as  a  collaboration  tool,  giving  people  the 
freedom  to  easily  work  together  and  interact 
with  a  range  of  applications  right  from  their 
desktop  or  mobile  e-mail,”  Prolify  says.“Prolify 
enables  users  to  assign,  coordinate  and  track 
everything  from  ad  hoc  activities  to  multide¬ 
partment  projects  right  from  Microsoft  Office 
Outlook.” 

The  system  aims  to  improve  management  of 
assignments  by  providing  visibility  into  work 
status  and  delays,  analysis  tools  for  activities 
and  projects,  and  an  audit  trail  of  all  written 
communication  for  each  project. 

Reducing  the  cost  of  the  enterprise  WAN  is 
the  focus  of  Talari  Networks,  a  DEMO  presenter 
that’s  been  in  stealth  mode.  Talari’s  Adaptive 
Private  Networking  is  an  appliance  deployed  at 
data  centers  and  remote  locations,  letting  cus¬ 
tomers  combine  broadband  circuits  from  dif¬ 
ferent  providers  or  augment  traditional  WAN 
services  with  broadband  circuits. Talari  says  its 
product  will  reduce  WAN  service  cost  by  at 
least  40%  while  offering  greater  reliability  than 
existing  solutions. 

Among  other  benefits,  Talari  could  help  a 
global  company  give  work  teams  access  to 
high-quality  videoconferencing  services,  im¬ 
proving  collaboration,  Shipley  says. 

“Talari’s  solution  shifts  the  economics  of 
enterprise  communications  by  orders  of  mag- 


ONLINE:  More  from  Demo 

For  more  coverage  of  the  70  announce¬ 
ments  at  DEMOfall07,  check  out 

www.demo.com 

Take  a  look  at  some  of  the  products  to 
be  unveiled  at  the  show: 

www.nwdocfinder.com/1752 


nitude.  Reducing  operating  expenses  by  hun¬ 
dreds  of  thousands  of  dollars  while  maintaining 
and  improving  performance  and  reliability  has 
a  huge  impact  in  and  of  itself,”  Shipley  says.B 


InBrief 


3Com  investor  charged 
in  bomb  threats 

An  individual  investor  in  3Com  was  charged 
last  week  by  federal  authorities  with  threat¬ 
ening  to  bomb  investment  firms  if  they  did 
not  boost  the  company's  stock.  John 
Tompkins  of  Dubuque,  Iowa,  was  charged 
with  15  counts,  including  securities  fraud, 
intent  to  extort,  possession  of  an  unregis¬ 
tered  destructive  device  and  using  a 
destructive  device  while  committing  a  vio¬ 
lent  crime. Tompkins,  a  machinist,  was 
arrested  in  April  and  accused  of  sending 
threatening  letters  and  bombs  to  investment 
firms  under  the  guise  of  “The  Bishop.” 
Tompkins  could  face  life  in  prison  if  convict¬ 
ed  on  the  charge  of  using  a  destructive 
device  while  committing  a  violent  crime. 

Internet  pipes  holding  up 

Despite  more  people  dishing  up  video  and 
other  bandwidth-saturating  content, 

Internet  traffic  growth  rates  are  slowing 
down,  according  to  a  new  Web  site  at  the 
University  of  Minnesota.The  Minnesota 
InternetTraffic  Studies  site  shows  that 
Internet  traffic  growth  rates  have  settled  in 
at  about  50%  to  60%  in  the  United  States 
and  worldwide  as  the  Internet  matures. 
That's  a  far  cry  from  the  doubling  rates 
every  year  or  even  every  100  days  that  some 
claimed  in  the  mid-to-late  1990s. 

Sun  nixes  federal  contract 

Sun  canceled  one  of  its  largest  contracts 
with  one  of  the  country's  largest  IT  buyers, 
the  federal  government.The  company,  which 
is  embroiled  with  the  General  Services 
Administration's  Inspector  General  over 
pricing  policies,  said  it  would  cancel  its 
Multiple  Award  Schedule  effective  Oct.  12. 
Sun  will  continue  to  do  business  with  the 
federal  government  without  an  MAS  con¬ 
tract.  Sun  has  been  the  subject  of  an 
Inspector  General's  investigation  into  its 
product  pricing  policies,  which  revealed  the 
government  had  been  overcharged  by  Sun 
for  $25  million  and  failed  to  receive  dis¬ 
counts  Sun  gave  to  its  largest  customers. 
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No  price  hike  for  SQL  Server  2008 


BY  JOHN  FONTANA 

DENVER  —  On  top  of  new  fea¬ 
tures  in  the  next  version  of  SQL 
Server  2008,  the  most  alluring  attri¬ 
bute  should  be  that  the  database’s 
price  will  not  change,  according 
to  Microsoft. 

The  latter  news  came  from  Ted 
Kummert,  corporate  vice  presi¬ 
dent  for  the  data  and  storage  plat¬ 
form  at  Microsoft,  and  drew  rous¬ 
ing  applause  from  about  2,000 
SQL  Server  users  gathered  at  their 
annual  Professional  Association 


for  SQL  Server  (PASS)  Summit. 

The  per-processor  retail  pricing 
of  SQL  Server  2005  is  $24,999. 

Kummert  had  little  other  news 
to  share  but  used  his  time  to  lay 
out  the  foundational  elements  of 
SQL  Server  2008,  slated  to  ship 
between  April  and  June  30, 2008. 

It  was  Kummert’s  first  chance  to 
talk  to  the  PASS  customer  base 
since  coming  to  Microsoft’s  data¬ 
base  business  unit  in  January 
He  used  a  series  of  demos  to 
whip  up  excitement  around  SQL 


Server  2008  even  as  more  than 
half  of  the  database’s  users  have 
yet  to  migrate  to  the  2005  version, 
which  Microsoft  considers  the 
migration  steppingstone  to  SQL 
Server  2008. 

“I  am  here  to  see  what  [SQL  Ser¬ 
ver]  2008  does  and  what  it  means 
to  move  the  database  beyond  rela¬ 
tional  data,”  says  Johan  Bijnens, 
system  engineer  for  steel-manu¬ 
facturing  giant  Arcelor  Mittal, 
based  in  Belgium.  Bijenes  says  his 
division  is  nearly  10%  into  a  roll¬ 


out  of  SQL  Server  2005. “Once  we 
get  the  first  feedback  after  2008 
ships,  then  we  will  start  a  real  eval¬ 
uation,”  he  says.  But  the  plan  is  not 
to  skip  2005. 

With  2008  in  beta,  the  attendees 
were  at  PASS  to  evaluate,  and 
Kummert  said  he  would  do  that 
via  demos. 

“We’re  going  to  spend  some 
time  letting  the  code  speak  about 
where  we  are  headed  specifically 
with  SQL  Server  2008”  Kummert 

See  Microsoft,  page  47 
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More  change  ahead  for  Network  General  users 


BY  DENISE  DUBIE 

Network  General  customers  could  face 
another  upheaval, as  the  company  will  change 
hands  for  the  third  time  in  10  years  when 
NetScout  Systems  completes  its  $205  million 
acquisition  of  the  Sniffer  technology  creator. 

The  acquisition,  expected  to  close  in 
November,  would  combine  Network  General’s 
expertise  in  managing  networks,  applications 
and  servers  from  the  bottom  up  with 
NetScout’s  top-down  approach  to  real-time  net¬ 
work  and  application-performance  monitoring 
and  management,  NetScout  officials  say. 
Industry  watchers  agree  the  acquisition  could 
give  customers  more  comprehensive  network 
and  application  performance-management 
capabilities. 


“Network  General’s  acquisition  of  Fidelia  last 
February  gives  them  the  application-perfor¬ 
mance  story  that  NetScout  was  not  covering,” 
says  Tracy  Corbo,  senior  analyst  for  IDC.“These 
companies  have  found  themselves  more  often 
in  cooperative  selling  environments  because 
each  was  approaching  the  problem  differently’ 
Network  General,  founded  in  1986,  estab¬ 
lished  itself  with  its  Sniffer  packet-analysis  tech¬ 
nology  and  found  itself  pigeonholed  in  cus¬ 
tomers’  minds.Today  the  vendor  has  more  than 
4,000  customers,  who  in  the  past  10  years  have 
seen  Network  General  acquired  by  McAfee, 
sold  by  Network  Associates  (which  now  is 
McAfee  again)  and  now  most  likely  picked  up 
by  NetScout.  Despite  customer  loyalty  to  a 
technology  staple  such  as  Sniffer,  industry 


watchers  say  Network  General  customers 
could  become  alienated  without  proper  sup¬ 
port  from  NetScout. 

“My  concern  is  over  the  fact  that  the  Network 
General  customers  had  to  go  through  a  previ¬ 
ous  acquisition  and  now  must  go  through  yet 
another;”  Corbo  says.“If  NetScout  wants  to  dou¬ 
ble  its  revenue  base,  they  will  need  to  work 
very  hard  to  shore  up  that  base  and  provide 
them  a  very  visible  level  of  customer  support 
to  allay  any  concerns  they  may  have  regarding 
ongoing  product  support.” 

NetScout  says  it  intends  to  support  all 
Network  General  products,  take  on  all  employ¬ 
ees  and  maintain  operations  at  the  Network 
General  location  in  San  Jose,  in  addition  to 
NetScout’s  Westford,  Mass.,  headquarters.  BE 
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IT  grapples  with  heat,  overcrowding 

EPA  gets  serious  about  reducing  power  and  cooling  loads  in  data  centers 


Powering  the  data  center 

High  energy  consumption  in  the  data  center  is  creating  challenges  for  IT 
managers.  Here  are  some  numbers  to  watch: 

•  Over  the  next  five  years,  power  failures  and  limits  on  power  availability  will  halt  data 
center  operations  at  more  than  90%  of  all  companies,  data  center  association  AFCOM 
predicts. 

•  Between  8%  and  10%  of  servers  in  data  centers  have  no  identifiable  function,  according 
to  Sun. 

•  Most  data  centers  already  are  well  past  the  cooling  capacity  provided  by  raised  floors, 
which  is  typically  about  4kW  to  6kW  per  rack,  Sun  reports.  Racks  above  12kW  are  probably 
blade-based  and  will  require  supplemental  cooling. 

•  IT  equipment  consumes  50%  of  data  center  power,  according  to  consulting  firm  EYP 
Mission  Critical  Facilities. 


BY  DENI  CONNOR 

DALLAS  —  These  days  Andrew  Fanara  isn’t 
worrying  about  the  massive  amounts  of  elec¬ 
tricity  a  big-screen  TV  consumes;  he’s  thinking 
about  how  electrical  consumption  in  the  data 
center  is  accelerating  from  the  use  of  power- 
hungry  servers  and  other  network  gear. 

Fanara  is  program  manager  for  the  Environ¬ 
mental  Protection  Agency’s  Energy  Star 
Program,  which  rates  consumer  appliances. 
He  spoke  last  week  at  the  AFCOM  Data 
Center  World  conference  (www.nwdocfind- 
er.com/1750),  where  850  IT  professionals 
tuned  in  to  hear  Fanara  talk  about  the  gov¬ 
ernment’s  efforts  to  promote  energy  efficien¬ 
cy  in  data  centers. 

Electricity  is  the  lifeblood  of  a  data  center, 
Fanara  said. “Ironically  it  is  the  inefficient  use  of 
that  energy  that  creates  the  challenges  that 
many  [data  center  managers]  are  facing  in 
terms  of  running  out  of  power,  having  to  go 
build  additional  data  centers,  incurring  that 
cost,  not  utilizing  the  IT  assets  as  much  as 
[they]  probably  would  like  to,”  he  said.  “All  of 
that  creates  significant  challenges.” 

Several  sources  confirm  enterprises  are 
struggling  with  jam-packed  data  centers.  A 
recent  survey  from  storage  vendor  OnStor  of 
369  IT  professionals  found  that  63%  of  organi¬ 
zations  have  run  out  of  space,  power  or  cool¬ 
ing  capacity  without  warning.  Further,  at  the 
current  data-growth  rate,  43%  of  respondents 
said  they  could  stay  in  their  present  infra¬ 
structure  for  only  six  months  to  one  year  if 
they  changed  nothing. 

Research  from  Gartner  reports  that  50%  of 
current  data  centers  by  2008  will  have  insuffi¬ 
cient  power  and  cooling  capacity  to  meet  the 
demands  of  high-density  equipment. 

At  the  AFCOM  event,  Fanara  pinpointed  the 
electricity-gulping  x86-based  server  as  the  first 
target  of  the  EPAs  attention.“Volume  servers  are 
probably  the  largest  consumers  of  energy  They 
are  not  the  most  efficient  in  terms  of  their  en¬ 
ergy  use  and  thus  are  the  biggest  opportunities 
going  forward,”  Fanara  said. 

To  help  spell  out  just  how  much  power 
servers  draw,  the  EPA  plans  to  develop,  as  soon 
as  year-end,  Energy  Star  standards  for  servers 
that  will  let  vendors  test  for  energy  efficiency 
and  computing  performance  and  brand  their 
servers  with  Energy  Star  ratings,  which  were 
previously  reserved  for  consumer  appliances. 

The  EPA  also  will  release  recommendations 
for  more  efficient  server  power  supplies. 
Between  1  kWh  and  1 .5  kWh  of  power  can  be 
saved  for  every  1  kWh  saved  at  the  plug,  accord¬ 
ing  to  the  EPA.  The  agency  is  working  with  a 
group  called  the  Climate  Savers  Computing 
Initiative  to  develop  power  supplies  that  are 
90%  more  efficient  than  earlier  models  and 


could  reduce  greenhouse  gas  emissions  by 
54  million  tons  per  year,  potentially  saving 
more  than  $5.5  billion  in  energy  costs. 

A  test  procedure  has  been  developed  by  the 
Electric  Power  Research  Institute  (EPRl),a  non¬ 
profit  energy  and  environmental  research  cen¬ 
ter,  to  verify  power-supply  efficiency  reliability 
and  performance. 

Looking  ahead,  Fanara  said  the  industry 
needs  a  means  to  measure  the  energy  con¬ 
sumption  of  servers,  storage  and  other  net¬ 
work  gear  that  takes  into  account  not  only 
the  capability  of  the  product  but  also  its  real- 
world  performance. 

That’s  something  the  Standard  Performance 
Evaluation  Corp.  (SPEC), an  industry  group  that 
provides  system-performance  tests,  is  working 
on.“SPEC  is  creating  a  power  and  performance 
benchmark,  the  first  of  its  type,  which  measures 
server  performance  in  a  real-world  situation,” 
Fanara  said. 

Real-world  performance 

Data  center  manager  Jeff  Allen  also  took  the 
stage  at  Data  Center  World  and  talked  about 
how  energy  consumption  is  limiting  his  ability 
to  do  his  job. 

Allen,  technology  operations  center  man¬ 
ager  at  Georgia  State  University  in  Atlanta,  re¬ 
counted  how  he  was  asked  by  the  university 
to  host  new  applications  on  his  network.  To 
do  so  required  Allen  to  add  a  new  UPS  and 
deal  with  an  electrical  generator  that  was 
running  at  maximum  capacity  and  a  5,500- 
square-foot  data  center  that  was  maxed  out 
on  space  and  cooling. 

“Our  network  operations  center,  before  we 
began  the  upgrade,  was  basically  operating  on 
numerous  battery-style  UPSs,” Allen  said.There 
was  no  standardization,  no  schedule  for  bat¬ 
tery  replacement  and  no  maintenance  con¬ 


tracts  on  many  of  them.” 

To  solve  the  problem,  the  university  invested 
in  an  integrated  UPS  and  DC  power  system 
that  uses  flywheel  technology  which  is  an 
alternative  to  chemical  batteries  and  provides 
power  during  disturbances  until  generator 
power  kicks  in. 

Allen  also  installed  racks  that  use  208V/30A 
power  to  lessen  his  energy  costs.“By  using  the 
higher  voltage  220  vs.  1 10  power,  we  are  reduc¬ 
ing  loss  of  power  through  the  wires,  allowing 
the  hardware  to  run  more  efficiently  because 
power  loss  has  been  reduced,  which  in  turns 
makes  us  more  energy  efficient,”  he  said. 

Banishing  energy  parasites 

Jack  Pouchet,  director  of  green  initiatives  for 
Emerson  Network  Power,  told  attendees  there 
are  some  very  simple,  but  often  overlooked, 
ways  to  save  on  energy  in  the  data  center. 

“Data  center  horror  stories  are  amazing  and 
would  make  great  comic  books,”  Bouchet  said. 

He  cited  typical  enterprise  errors.  One  is 
using  perforated  tiles  on  raised  floors  in  a 
hot  aisle,  which  allows  cooled  air  to  infil¬ 
trate.  Others  are  failing  to  use  blanking  plates 
in  racks  where  servers  or  other  network  gear 
don’t  exist,  which  lets  hot  air  blow  into  cold 
aisles,  and  keeping  the  lights  on  24/7  in  a 
data  center. 

“We  ball  parked  250  to  300kW  of  energy  sav¬ 
ings  we  could  get  from  the  generator  room, 
the  lighting,  the  environmental  for  the  secu¬ 
rity  system,  the  fire  suppression  system  — 
things  that  were  superfluous  or  parasitic  loss¬ 
es,”  Pouchet  said. 

“These  parasitic  losses  are  things  that  are  not 
core  to  your  operations,  they  don’t  support  the 
servers,  they  don’t  keep  them  running,  they 
don’t  keep  them  cool,  they  don’t  process  data, 
they  don’t  process  storage.”  ■ 
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reform  enterprise 


New  Nortel  exec  to 

In  an  unexpected  move,  Nortel  last  week  replaced 
its  enterprise  chief.  After  20  years  with  Nortel, 
Enterprise  Solutions  President  Steve  Slattery  is  leav¬ 
ing  the  company  Oct.  1.  Taking  over  immediately, 
however,  is  Joel  Hackney,  Nortel’s  former  senior 
vice  president  of  Global  Operations  and  Quality, 
and  another  of  CEO  Mike  Zafirovski's  colleagues  from  General 
Electric.  Hackney,  credited  with  driving  many  of  Nortel’s  recent 
operational,  supply  chain,  customer  and  business  improvements, 
shared  some  thoughts  with  Network  World  Managing  Editor  Jim 
Duffy  on  the  sudden  switch,  which  comes  while  Enterprise 
Solutions  is  enjoying  some  solid  momentum  —  although  appar¬ 
ently,  things  aren ’t  moving  fast  enough. 


Enterprise  Solutions  grew  23%  in  the  sec¬ 
ond  quarter,  its  fourth  consecutive  quar¬ 
ter  of  year-over-year  growth.  Why  the 
switch? 

We  just  finished  our  strategy  session,  and 
we’re  pleased  with  the  progress,  but  we 
think  there’s  a  lot  more  we  can  do.  What 
we’re  focused  on  is  accelerating  the 
progress.  It’s  all  about  accelerating  the 
momentum  that’s  in  place. 

What  do  you  want  to  do  differently? 

Customers  are  looking  for  a  real  choice. 
Every  time  we  become  more  visible  in  the 
marketplace  —  either  through  investments 
in  go-to-market,  on  product  innovations,  or 
in  partnerships  and  key  alliances  —  the 
paybacks  are  coming  back  in  a  meaningful 
way  So  what  I  want  to  do  is  really  double 
down  on  the  investments,  focus  on  go-to- 
market  and  to  continue  the  alliances  that 
we’ve  done  in  meaningful  way  with 
Microsoft,  IBM  and  LG.  And  really  focus  on 
getting  our  message  to  the  market  much 
more  broadly  and  aggressively. 

Do  you  plan  to  rely  more  on  partnerships 
and  mergers  and  acquisitions,  rather 
than  internal  development? 

Partnerships  are  absolutely  a  critical 
piece  of  what  we’re  doing.  When  we  look 
at  business  process  intersecting  with 
communications  in  the  enterprise  space, 
it’s  clear  one  person  can’t  solve  it  or 
bring  all  the  solutions.  So  that’s  why  we 
have  made  the  major  alliances  like  we 
have.  We  feel  we  can  continue  to  grow 
this  business  and  accelerate  the  growth 


organically.  So  we  are  continuing  to  make 
those  investments.  But  we  are  also  very 
open  in  looking  at  opportunities  inorgan¬ 
ically.  So  it  is  a  combination  of  both. 

There's  been  a  lot  of  speculation  recently 
on  Nortel's  M&A  strategy,  and  Steve 
Slattery  even  mentioned  last  week  that 
Nortel  has  spent  the  last  18  months  siz¬ 
ing  up  potential  acquisition  targets.  Are 
you  ready  to  pull  the  trigger? 

I  wish  I  could  answer  that  question  directly 
I  obviously  can’t  speak  to  any  specifics 
other  than  to  say  that  the  inorganic  element 
of  our  growth  plan  is  important,  and  we’re 
focused  on  that  element  as  much  as  we  are 
the  organic,  but  we  need  both. 

Any  specific  product  areas  where 
you're  looking  for  the  inorganic 
contribution? 

Customers  need  a  real  choice  in  data.  Our 
strength  in  voice  is  well  known  and  well 
documented. We ’re  always  looking  at 
opportunities  to  build  our  capability  for  a 
direct  relationship  with  key  users  while  still 
partnering  with  channel  partners.  Anything 
specifically  that  does  either  or  both  of  those 
is  obviously  attractive  to  us. 

Top-line  growth  is  accelerating,  but  what 
about  the  bottom  line?  Is  Enterprise 
meeting  profitability  expectations? 

It  is  improving.  We  really  believe  we  can 
make  this  an  anchor  business,  and  for  us  an 
anchor  business  is  a  business  that’s  growing 
faster  than  market  and  has  double-digit 
operating  margins. We  think  the  opportunity 


exists  for  this  business,  and  that’s  where 
we’re  focused. 

Was  that  a  major  impetus  for  this 
switch? 

That  was  one  element  of  it,  but  not  the  only 
element. The  big  element  around  it  is,  hey, 
we’re  just  really  excited  about  what’s  possi¬ 
ble  here  and  what  we’ve  done,  and  we  want 
to  accelerate  it.  But  not  just  on  the  earnings 
line  —  all  the  way  down  the  P&LSo  you 
plan  to  increase  investment  while  at  the 
same  time  driving  double-digit  margins. 

That  implies  not  only  top-line  growth  but 
cost-cutting  as  well.  Are  you  looking  at  a 
product  rationalization? 

This  is  definitely  not  a  restructuring  story; 
this  is  a  growth  story  We’ll  always  on  a  day- 
to-day  basis  as  a  normal  part  of  business 
look  at  how  we  continue  to  tighten  up  our 
focus.  But  I  would  say  that  is  the  lesser  part 
of  the  equation. 

From  a  product  perspective,  what  are 
your  priorities? 

Unified  communications  for  us  is  a  big 
push.  Gartner  recently  positioned  us  in 
the  leadership  quadrant  for  unified  com¬ 
munications,  and  Cisco  as  the  challenger. 
We  believe  we  have  an  advantage  there. 
We’re  going  to  continue  to  invest  heavily 
in  that. The  other  area  I  would  say  is  in 
multimedia  applications  in  general.  If  you 
look  at  our  call  center/contact 
center/interactive-voice-response  prod¬ 
ucts  and  put  them  side-by-side  with  all 
the  competitors,  it  is  a  very  compelling 
value  proposition  that  we  want  to  contin¬ 
ue.  Lastly,  the  transition  to  [service-orient¬ 
ed  architecture]  is  one  that  we’re  com¬ 
mitted  to  and  will  continue  to  push. 

How  do  you  plan  to  accelerate  your  go-to- 
market  strategy? 

We’ve  made  significant  investments  on  that 
in  terms  of  increasing  the  number  of  feet 
on  the  street,  or  sales  resources  globally 
What  we’d  like  to  do  is  see  how  we  can 
even  do  more  of  that.  So  that’s  one  element 
in  terms  of  just  how  we  expand  our  reach. 
Another  element  is,  we’d  like  to  increase 
our  relationships  with  key  global  accounts 
—  multibillion-dollar  Fortune  100,200  com¬ 
panies  where  we  can  strengthen  the  rela¬ 
tionships  we  have  today  So  we’ve  put  in 
place  a  global  account  team  focused  on 
doing  that  while  at  the  same  time  leverag¬ 
ing  our  channel  partners.® 
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There  is  a  better  way  to  protect  your  company  from  spyware 


Spyware  is  more  insidious  and  costly  than  viruses,  because  most  of  it  goes  undetected.  One  Fortune  100 
retailer  recently  found  6900  undetected  spyware  programs,  586  Trojans  and  21  keyloggers  despite  running 
freeware  plus  protection  from  a  leading  antivirus  provider,  You  see,  most  antivirus  providers  toss  in  some 
average  spyware  protection  (about  56%  effective)  with  their  product,  and  claim  it's  safe.  Only  Webroot® 
AntiSpyware  Corporate  Edition  could  find  and  remove  the  critical  malware  for  this  retailer. 


The  Best  Security  in  an 
Unsecured  World™ 


Webroot  security  software  is  the  standard  by  which  all  other  antispyware  is  measured,  plus  it  includes 
industry-leading  antivirus  protection.  Call  Webroot  today  at  1.866.865.3293  for  a  30-day  risk-free  trial 
Or  visit  www.webroot.com/nw  to  learn  more. 


©  2007  Webroot  Software  Inc.  All  product  names  are  the  rights  of  their  respective  holders. 


£11011011011101011011011 
111100101001010100100100 
1010100100.10010010000010 
001001001001081001011101 
80011010110110110110 1101 
80 0 100100X0101 @100101.8 10 
810101010181008101010101 
881101 101001018100100 1 00 
110110110110118108100108 
8100 11 101001001001800180 
3 1 10 1 101 1011 10101 10 1.10  i  I 
111100101601010108100100 
161010010010010618000010 
101018101810101118101110 
01010010100 1001001000010 
110118110110101101101018 
301081001 1 1018106010 1010 
818101001101101010100100 
3180101101 181103 11161101 
18181181161 161X81 10 1.8:101 
30X01110108101 101101 161 1 
11010101010110:  ■ 

1661 11 : ■ 

S0  0;  80101/  I0lfc01 

810101811 

I  \ 

18001  iMilttile  I  a  - 
38 180 1 001 66X0X1 181.00 1 8 

31618.1 1 18818X81010 ;  m  1 
P  If  1 010101 018100  10  x  0 .1 
1 18 100100188 10001 00 1 00 
1161.101181 1811011 10181 
21103 IX  i’100 16100 10 1010 
0180100 18 100 A 

imimimimimtmim 
miBim&ximumimi&d 


s 

Hi _ 

. 

Ml 

,  .  .  .  j 

■  •  '■  i.  are 


r  ?  5 

WWfi: 


-SB 


1J  3  ^ 


<•  mmm 


mm 


mm 


i 


A'  3, 


'0\  ilSi 

L  uy..v  J-tk . 


l'  ;v. 


t  fflU-as 

it's :  »■  ’fi®  w : 

■r.  w:-" 


Immortal  —  and  ubiquitous  —  digital  bread  crumbs 

Records  of  your  activities  are  growing,  with  few  rules  about  who  can  see  them 


The  New  York  Times  discussed  one  effect  of 
today’s  information-producing  technology 
in  a  Sept.  15  article  titled  “Tell-all  PCs  and 
phones  transforming  divorce.”  It  painted  a  grim 
picture  —  grim  for  the  cheaters,  anyway  —  of 
the  records  left  lying  around  if  someone  cheats 
on  a  spouse. The  article  focused  on  cell  phone 
records,  saved  e-mail  messages  and  hacked 
accounts,  but  there  are  a  lot  more  digital  bread 
crumbs  we  leave  behind,  most  of  which  proba¬ 
bly  will  far  outlive  us. 

The  job  seems  to  be  getting  easier  for 
divorce  lawyers,  at  least  those  not  working  for  people  with  some¬ 
thing  to  hide.  New  records  are  created  every  time  a  cheater  makes  a 
phone  call,  buys  something  with  a  credit  card,  sends  an  e-mail,  surfs 
the  Web,  drives  through  an  automated  highway  toll  booth,  enables 
an  automobile  GPS  system,  or  even  walks  down  the  street  with  a  cell 
phone  in  pocket  or  purse. 

Most  of  these  records  are,  for  practical  pur¬ 
poses,  immortal.  At  the  very  least,  most  of  the 
records  will  be  there  long  enough  to  be  useful 
to  a  spouse  or  lawyer  wanting  to  find  out  just 
what  is  going  on. 

Of  course,  records  are  not  kept  just  on  peo¬ 
ple  who  cheat  on  their  spouses.  As  Bill  Gates, 
among  others,  knows  too  well,  e-mail  is  forever. 

Vast  databases  are  being  built  up  about  the 
activities  of  us  all.  Inexpensive  disks  mean  it  is 
less  costly  for  data  collectors  to  hang  onto 
data  than  to  think  about  whether  they  might 
have  a  use  for  it  years  from  now.  Decades  from 


now,  an  investigator  may  be  able  to  find  out  that  you  bought  whole 
rather  than  skim  milk  at  the  market  last  week.  Some  companies  are 
beginning  to  pay  lip  service  to  the  idea  that  data  about  the  actions  of 
individuals  does  not  need  to  be  immortal,  but  far  too  few  are  doing  so. 

There  are  almost  no  rules  in  the  United  States  that  control  access  to 
this  building  pile  of  information. The  U.S.  government  has  refused  to 
take  the  same  kind  of  principled  approach  to  the  topic  that  Europe 
has.  One  of  the  few  U.S.  laws  in  the  area  illustrates  this  perfectly:  It  is 
illegal  under  U.S.  federal  law  to  disclose  videotape  rental  or  purchase 
records  improperly 

This  law  grew  out  of  the  disclosure  of  Robert  Bork’s  videotape  rentals 
during  his  Supreme  Court  confirmation  hearings.  Rather  than  require 
protection  of  all  private  records  about  individuals,  however,  Congress 
chose  to  address  this  one  instance  of  the  underlying  problem  rather 
than  the  problem  itself. 

So,  pay  cash  and  use  pay  phones  if  you  plan  to  cheat.  On  the  other 
hand,  if  you  are  one  of  the  data  collectors,  why  not  think  about  what 

you  need  to  know  about  your  customers  and 
how  long  you  need  to  know  it  —  not  to  pro¬ 
tect  cheaters  but  to  delay  a  little  bit  the  rush 
to  government  and  universal“Total 
Information  Awareness.” 

Disclaimer:  As  an  organization  in  the  edu¬ 
cation  business,  Harvard  is  required  to  col¬ 
lect  certain  information,  but  it  has  not 
expressed  an  opinion  about  the  collection 
of  extraneous  information.  So  the  above 
observation  is  mine. 

Bradner  is  Harvard  University's  chief  security 
officer.  He  can  be  reached  at  sob@sobco.com. 
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Scott  Bradner 


IT  Roadmap  security  event 

As  security  moves  up  the  stack,  the 
focus  shifts  to  content,  apps,  data  and 
defense-in-depth  architecture.  Learn 
how  to  structure  your  security,  close 
vulnerabilities  and  respond  to  attacks. 
Attend  IT  Roadmap:  Washington,  D.C., 
on  Dec.  13. 

www.nwdocfinder.com/1454 


Gartner  touts  Web  2.0,  scoffs  at  3.0 

Web  3.0  just  a  marketing  ploy,  but  collaborative  tools  are  here  to  stay 


BY  JON  BRODKIN 

LAS  VEGAS  —  IT  executives  just  getting  com¬ 
fortable  with  having  Web  2.0  technologies  in 
their  networks  face  a  moving  target:  Web  3.0. 

But  this  time,  the  buzzword  is  just  a  market¬ 
ing  ploy  used  to  hype  incremental  improve¬ 
ments  over  the  groundbreaking  technologies 
that  were  labeled  Web  2.0,  analysts  said  dur¬ 
ing  last  week’s  Gartner  Web  Innovation 
Summit  in  Las  Vegas. 

“There  are  a  lot  of  constituencies  trying  to 
hijack  the  term  Web  3.0,”  Gartner  fellow  David 
Mitchell  Smith  said  Thursday  These  are  mostly 
vendors  pushing  virtual  worlds,  the  semantic 
Web  and  the  mobile  Web,  Smith  said. 

Web  2.0  staples, such  as  AJAX,  mashups,  blogs 
and  wikis,  gained  mass  adoption  after  a  few 
years  in  which  there  was  not  a  lot  of  innovation 
in  Web  technology  said  Gene  Phifer,  a  Gartner 
distinguished  analyst. 

Gartner  analysts  are  avoiding  the  temptation 
to  give  a  new  label  to  the  latest  technologies 
such  as  virtual  worlds  and  the  semantic  Web, 
saying  they’re  not  providing  the  same  kind  of 
fundamental  change  as  blogs,  wikis  and  social¬ 
networking  tools. 

“It’s  not  going  to  be  another  era  like  Web  2.0,” 
Phifer  said.  “However,  there  will  be  some  very 
interesting  innovative  things  coming  out.  If 


Web  2.0  in  the  enterprise: 

Six  keys  to  success 

1.  Start  small  and  cultivate  success. 

2.  Make  it  open  and  easy  to  use  and  reuse. 

3.  Expose  connections  and  let  users 

create  structure,  share  bookmarks,  use 

tags  and  so  forth. 

4.  Links  to  e-mail,  syndication. 

5.  Identify  the  right  context. 

6.  Plan  for  growth. 

SOURCE:  GARTNER 

you’re  in  love  with  numbering  schemes,  maybe 
it’s  Web  2.1.” 

What’s  important  to  recognize  is  that  Web  2.0 
technologies  are  here  to  stay  and,  if  IT  helps 
nudge  them  along,  can  help  improve  collabo¬ 
ration  and  make  businesses  stronger,  analysts 
said  over  the  course  of  several  sessions  at  the 
conference. 

“The  bad  story  [about  Web  2.0]  is  client  X 
comes  up  to  me  and  says, ‘We’ve  implemented 
a  blog,  no  one’s  using  it,  we  implemented  a 


Six  mistakes  to  avoid 

1.  Don’t  ignore  accountability  and 
responsibility. 

2.  Don’t  think  of  Web  2.0  as  a  passing 
fad. 

3.  Don’t  try  to  solve  all  with  Web  2.0. 

4.  Build  it  with  a  business  purpose  in  mind. 

5.  Don't  overengineer —  build  for 
adoption. 

6.  Don’t  set  too  many  restrictions. 


wiki,  everyone’s  using  it,  and  nothing’s  working 
right,”’  said  Tom  Austin,  a  Gartner  fellow.  “The 
biggest  problem  with  Enterprise  2.0  is  thinking 
about  it  as  ‘what  product  do  I  buy  and  how 
many  people  are  using  it.’ This  isn’t  an  issue  of 
provisioning  telephone  service.” 

Web  2.0  is  coming  into  your  business 
whether  you  want  it  to  or  not,  because  the  line 
between  work  and  personal  lives  is  blurring 
and  digital  natives  —  young  people  —  are 

See  Gartner,  page  47 


Level  3 


One  network  with  the  power  to  connect  them  all.  Keeping  pace  with  the  digital 

demands  of  your  customers  requires  more  than  a  simple  solution.  It  demands  access  to  a  global  content  delivery  portfolio 
from  a  leading  IP  network.  An  open  highway  for  transmitting  everything  from  major  sporting  events  to  live  news  and 
user-generated  content.  Trusted  to  deliver  content  where  it  needs  to  go,  no  matter  what  form  it  takes.  Learn  more  by 
downloading  the  Heavy  Reading  whitepaper  "Internet  Video  Driving  Next  Generation  CDNs,"  at  www.level3connects.com. 


More  ways  to  consume 
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PCI 

continued  from  page  1 

Toronto  —  the  first  meeting  of  its  kind  to 
bring  the  council’s  membership  and  certified 
PCI  security  providers  together  —  the  300 
attendees  got  a  sneak  peek  at  the  new  set  of 
best-practices  guidelines  for  application 
security  that  the  council  intends  to  publish 
by  year-end. 

“These  will  be  guidelines  for  designing  appli¬ 
cations  in  a  secure  manner’’ said  attendee  Joe 
Lindstrom,  senior  director  for  professional  ser¬ 
vices  at  Symantec,  a  QSA  accredited  by  the 
council  to  perform  on-site  evaluations  of  busi¬ 
nesses  handling  card-payment  data  to  deter¬ 
mine  whether  sensitive  information  is  being 
processed  or  stored  appropriately  as  defined 
by  PCI  DSS  1.1. 

Lindstrom  said  the  new  application-security 
guidelines  are  under  discussion  by  the  council 
as  something  that  would  take  effect  in  the 
fourth  quarter  of  next  year  as  a  requirement 
above  and  beyond  PCI  DSS  1.1. 

“These  will  be  guidelines  to  designing 
applications  in  a  secure  manner,”  Lindstrom 
said.  The  new  PCI  rules  would  pertain  to 
applications  developed  in-house  or  those 
acquired  by  certified  application  providers, 
he  added.  In  addition,  an  emerging  standard 
for  PIN-entry  devices  for  card  processing  is 
coming. 

The  12  requirements  of  PCI  DSS  1.1  include 
encryption  of  cardholder  data,  as  well  as  more 
general  enterprise  mandates  to  use  antivirus 
software  and  application-layer  firewalls  and  to 
conduct  periodic  vulnerability  assessments 
(see  chart). 

The  council’s  Toronto  meeting  was  closed  to 
the  press,  with  a  council  representative  indicat¬ 
ing  the  Wakefield,  Mass.-based  organization 
anticipates  making  official  comment  this  week 
on  the  future  of  the  PCI  standards. 

Big  spenders 

Businesses  that  handle  card-payment  data 
say  they  are  spending  mightily  to  hire  QSAs  to 
prove  they  meet  PCI  DSS  1.1. “PCI  crosses  any 
and  all  aspects  of  the  organization,”  said  Peter 
Clark,  director  of  information  systems  at 
Jordan’s  Furniture,  a  retailer  with  stores  in 
Massachusetts  and  New  Hampshire.  “It’s  a  big 
canopy  that  covers  everything.” 

Clark  said  the  company  is  being  certified  for 
PCI  compliance  by  AmbironTrustwave,a  certi¬ 
fied  QSA.“A11  of  this  needs  to  be  completed  by 
Oct.  l,”he  said.“lt’s  a  priority’ 

Jordan’s  Furniture  has  spent  almost  $100,000 
in  the  PCI  compliance  process  to  make 
changes  the  company  hopes  will  result  in  a 
good  report  that  will  be  shared  with  Visa, 
MasterCard  and  the  retailer’s  acquiring  bank, 
First  Data  Merchant  Services. 

Sean  Smith,  the  director  of  strategic  technol¬ 
ogy  services  at  Indianapolis-based  restaurant 
chain  Steak  n  Shake, said  his  company  also  has 
an  imperative  to  meet  the  Sept. 30  deadline  for 
PCI  compliance. 


Hie  digital  dozen  of  credit 
card  compliance 

Merchants  must  employ  the 
following  to  complying  with  the 
Payment  Card  Industry  (PCI)  Data 
Security  Standard: 

1.  Install  and  maintain  a  firewall 
configuration  to  protect  cardholder 
data. 

2.  Forbid  the  use  of  vendor-supplied 
defaults  for  system  passwords  and 
other  security  parameters. 

3.  Protect  stored  cardholder  data. 

4.  Encrypt  transmission  of  cardholder 
data  across  open,  public  networks. 

5.  Use  and  regularly  update  antivirus 
software. 

6.  Develop  and  maintain  secure  systems 
and  applications. 

7.  Restrict  access  to  cardholder  data  by 
business  need-to-know. 

8.  Assign  a  unique  ID  to  each  person 
with  computer  access. 

9.  Restrict  physical  access  to  cardholder 
data. 

10.  Track  and  monitor  all  access  to 
network  resources  and  cardholder 
data. 

11.  Regularly  test  systems  and 
processes. 

12.  Maintain  a  policy  that  addresses 
information  security. 


With  the  approval  of  its  bank,  Fifth  Third 
Bank  in  Cincinnati,  Steak  n  Shake  is  exercis¬ 
ing  an  option  under  the  PCI  compliance 
rules  that  permit  PCI  self-assessment  when 
the  corporation  has  sufficient  audit  staff 
and  the  top  management  is  willing  to  sign 
off  on  the  results. 

There  may  be  some  modest  savings  in  this, 
Smith  said,  but  the  self-assessment  process  has 
been  lengthy,  starting  in  August  2006  and  not 
yet  complete. 

“We  have  500  locations,  and  identifying  the 
gaps  and  proposing  remediation  took  three 
months,”  Smith  said.  “Now  we’re  rolling  the 
technological  controls  out  into  the  field,  such 
as  host  intrusion  prevention  on  laptops, 
antivirus,  patch  management.” 

The  main  thrust  has  been  to  bring  the  secu¬ 
rity  at  approximately  500  Steak  n  Shake  restau¬ 
rants,  most  of  which  are  company-run,  up  to 
the  level  of  the  corporate  headquarters  to 
meet  the  PCI  compliance  requirements. 

Smith  said  failure  to  achieve  this  could  result 
in  fines  of  $25,000  to  $50,000  per  month  and  a 
possible  hike  in  card-processing  fees.  He  said 


he’s  not  surprised  that  additional  PCI  require¬ 
ments  may  be  on  the  way,  and  anticipates  that 
PCI  will  be  an  annual  review  process. 

Symantec’s  Lindstrom  acknowledged  PCI 
compliance  can  be  an  expensive  process, 
calling  PCI  the  Sarbanes-Oxley  of  the  card¬ 
processing  world. 

Fees  for  PCI-compliance  evaluation  run 
“from  as  low  as  $20,000  to  over  half  a  million 
dollars,”  Lindstrom  said.  When  businesses 
select  a  QSA,  the  first  step  typically  is  a  basic 
security  evaluation,  carried  out  in  tandem 
with  business  managers,  to  determine  where 
the  business  might  be  “deficient  and  fall  short 
of  compliance.” 

Remediation  to  bring  the  organization  up  to 
PCI  compliance  then  starts.  If  the  process  runs 
smoothly  it  could  take  a  few  weeks,  but  some 
companies  don’t  make  it  through.  “Some  fail,” 
Lindstrom  said. 

Getting  a  letter 

PCI  compliance  often  kicks  off  in  earnest 
with  a  letter  from  the  bank  to  the  merchant. 
That’s  what’s  happened  in  the  last  few  weeks 
at  the  Philharmonic  Center  for  the  Arts  in 
Naples,  Fla.,  which  has  500  employees  and 
handles  about  $16  million  per  year  in  trans¬ 
actions. 

The  Philharmonic  is  not  a  top-volume 
card-processing  merchant,  so  it  doesn’t  have 
to  meet  this  year’s  PCI  compliance  dead¬ 
lines,  but  it  may  be  among  those  facing  a 
deadline  of  next  year. 

“Our  credit  card  processors  are  pressuring 
our  finance  manager’’  said  Anthony  Garmont, 
the  Philharmonic’s  network  administrator. “The 
pressure  is  increasing  every  day  but  as  far  as  a 
specific  date,  I  don’t  knowT 

The  arts  organization  already  follows  PCI 
rules,  such  as  regular  vulnerability  scan¬ 
ning,  with  its  provider  Alert  Logic.  Garmont 
said  he  finds  a  lot  of  the  language  associat¬ 
ed  with  PCI  to  be  “ambiguous  and  open  to 
interpretation,”  but  added  there’s  no  ques¬ 
tion  the  PCI  evaluation  process  will  be  get¬ 
ting  underway. 

PCI  is  “forcing  organizations  to  go  look  in  the 
nooks  and  crannies  of  decades  of  systems  inte¬ 
gration,”  said  Mike  Urban,  senior  director  of 
fraud  solution  at  Fair  Isaac,  which  makes  prod¬ 
ucts  that  detect  credit  card  fraud.The  evolution 
of  PCI  is  extending  the  compliance  mandate 
into  areas  such  as  point-of-sale  terminals, 
where  new  requirements  may  mean  retiring 
older  ones. 

“The  new  ones  are  more  secure  against  tam¬ 
pering,”  Urban  said.  “There  are  several  million 
point-of-sale  devices,  and  getting  them  all 
upgraded  will  be  a  challenge.”* 
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The  Internet  can't  hide  from 
the  AT&T  LaptopConnect  Card 


Tired  of  playing  hide  and  seek  with  the  Internet?  Get 
the  AT&T  LaptopConnect  Card  and  easily  access  the 
Internet  at  mobile  broadband  speeds  when  you're  out 
of  the  office,  on  the  road,  away  from  hotspots. 


>  Delivers  mobile  broadband  speeds  in  more  than 
165  major  U.S.  markets  and  more  cities  worldwide 
than  any  other  U.S.  carrier. 

>  Send  and  receive  email,  download  large 
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Making  better  proccesses  pay  off 

IT  managers  share  tips  for  deploying  ITIL,  other  best-practices  frameworks 


BY  DENISE  DUBIE 

CHARLOTTE,  N.C. — There  are  plenty  of  rea¬ 
sons  to  streamline  IT  processes  using  best- 
practices  frameworks,  such  as  the  IT 
Infrastructure  Library  But  knowing  the  rea¬ 
sons  doesn’t  make  it  any  easier  to  do. 

“You  hear  a  lot  of  people  talk  about  how 
standardizing  processes  and  adopting  best 
practices  in  IT  is  just  common  sense.  And  it  is,” 
said  Rafael  Rodriguez,  associate  CIO  of  acad¬ 
emic  and  infrastructure  services  at  Duke 
Health  Technology  Solutions,  part  of  Duke 
Medicine  in  Durham,  N.C.“But  it’s  hard  for  me 
to  follow  a  good,  healthy  lifestyle.  It’s  not 
because  I  don’t  know  what  to  do,  [but 
because]  it  requires  cultural  change,  and  that 
can  be  the  hardest  thing  to  effect.” 

Rodriguez  was  among  the  IT  managers  who 
spoke  last  week  at  the  itSMF  USA  Fusion  2007 
conference,  where  close  to  2,000  attendees 
heard  how  such  companies  as  Mary  Kay  GM 
and  Wells  Fargo  made  IT  service-management 
improvements  happen  in  their  environments. 
Here  are  some  of  the  lessons  these  companies 
learned  along  the  road  to  success. 

1.  Get  upper  management’s  support.  It’s  a 
common  refrain,  but  the  need  for  support  from 
upper  management  is  critical  in  a  project  that 
could  involve  nearly  all  aspects  of  IT.  Until  a 
new,  supportive  CIO  came  on  board,  David 
Farris  said  for  five  years  he  hit  a  cultural  road¬ 
block  with  management  and  staff  while  work¬ 
ing  to  get  ITIL  processes  in  place. 

“A  single  ITIL  champion  cannot  succeed 
alone,”  said  Farris,  who  is  manager  at  the  U.S. 
Department  of  Agriculture’s  Animal  Plant 
Health  Inspection  Service,  in  Riverdale,  Md.To 
keep  momentum  on  such  a  project  going, 
champions  must  “spend  time  and  effort  to  con¬ 
vince  and  motivate  others  to  participate.” 

2.  Tie  best-practices  adoption  to  specific 
business  goals.  Configuration  management 
meant  nothing  to  business  leaders  until  Joseph 
Kennedy  explained  that  adopting  better 
processes  around  this  IT  discipline  would 
make  sure  applications  at  State  Street  in  Boston 
were  available  when  needed. 

“I  had  to  take  everything  I  know  about  the 
technology  and  translate  it  into  something  rel¬ 
evant  to  the  business,” said  the  vice  president  of 
technology  architecture  and  R&D.The  discus¬ 
sion  became  about  resource  improvements, 
fewer  outages,  more  transparency  and  better 
responsiveness  from  IT  to  the  business.” 

The  same  goes  for  Steve  Moore,  technology 
leader  at  Mary  Kay  Cosmetics  in  Dallas,  who 
said  explaining  to  business  managers  how 
consolidating  systems,  applications  and 
processes  would  streamline  IT  operations 
wasn’t  as  effective  as  telling  them  how  the 
move  to  better  processes  would  let  Mary  Kay, 


Mary  Kay  Cosmetics’  Steve  Moore 
says  a  “master  version  of  the  truth” 
will  help  IT  operations  do  their  part  as 
a  company  expands. 

for  example,  open  a  location  in  Bangalore, 
India,  more  quickly. 

“The  business  is  growing  fast  and  having  a 
master  version  of  the  truth  would  make  it  eas¬ 
ier  to  bring  other  locations  on  board  and  keep 
them  standardized  globally’  Moore  said. 

3.  Tailor  best-practices  adoption.  Duke 
Medicine’s  Rodriguez  said  IT  shops  can  fail  at 
rolling  out  best  practices  when  they  focus  on 
accomplishing  all  the  goals  associated  with 
ITIL  or  Control  Objectives  for  Information  and 
Related  Technology  and  lose  sight  of  goals  spe¬ 
cific  to  their  organization. 

“We  have  been  working  to  improve  opera¬ 
tions  since  before  ITIL  came  into  our  picture. 
We  are  implementing  IT  service  management 
and  ITIL  is  a  means  by  which  we  are  doing 
that,”  Rodriguez  said. 

4.  Understand  process  interdependencies. 
ITIL  introduced  the  concept  of  a  configuration- 
management  database  (CMDB)  to  IT  service 
managers,  and  now  putting  a  CMDB  in  place  is 
a  priority  of  many  enterprises.  But  Peggy 
Ranney  change  manager  at  American  Family 
Insurance  in  Madison,  Wis.,  pointed  out  that 
change  management  technology  is  a  prerequi¬ 
site  for  establishing  a  federated  repository  of  all 
configuration  items  in  your  environment. 

“Change  management  is  needed  to  keep  the 
CMDB  current,”  Ranney  said. “It  was  necessary 
to  implement  change  and  configuration  man¬ 
agement  together!’ 

5.  Put  people  before  technology.  Rodriguez 
warned  show  attendees  to  wait  to  acquire 


process-related  technology  until  the  right  peo¬ 
ple  and  processes  are  in  place.“We  in  IT  often 
suffer  from  technology  arousal,  in  which  we 
think  there  are  all  these  tools  and  if  I  just  had 
them,  it  would  solve  all  my  problems,”  he  said. 
“That  is  how  stupid  decisions  get  made.” 

6.  Mature  to  your  desired  level.  The  asset 
management  processes  Mary  Kay  has  in  place 
put  it  at  about  80%  success,  according  to  ITIL 
standards  —  which  is  just  fine  with  Moore. 
Citing  financial  and  other  factors  behind  Mary 
Kay’s  choice,  Moore  explained  IT  managers 
shouldn’t  try  to  reach  goals  that  aren’t  neces¬ 
sary  for  their  organization.  “The  reality  is  we 
didn’t  need  the  Cadillac  of  asset-management 
tools  to  obtain  our  goals,”  he  said. 

7.  Automate  where  possible.  A  side  benefit  of 
streamlining  processes  is  being  able  to  auto¬ 
mate  redundant  tasks  and  ultimately  improve 
application  uptime.“To  operate  in  today’s  envi¬ 
ronments,  IT  managers  have  to  be  experts  in 
multiple  disciplines  and  code  on  the  fly  and 
that  is  not  realistic.  Code  quality  has  gone  way 
down  over  the  year  because  of  it,”  said  State 
Street’s  Kennedy  “Automating  the  processes 
around  configuration  management  helps 
ensure  applications  are  configured  consistent¬ 
ly  and  are  available  to  the  end  client.” 

8.  Quantify  the  cost  of  noncompliance. 
Moore  said  IT  staff  in  his  company  typically 
address  problems  brought  up  to  them  in  the 
hallway,  at  the  water  cooler  or  at  lunch  with¬ 
out  putting  the  service  request  into  the  trou¬ 
ble-ticketing  system.  “It  seemed  very  un-Mary 
Kay-ish  to  some  people  to  say  no  to  requests 
made  in  an  unofficial  wa^’he  said. 

To  keep  staff  committed  to  using  the  pro¬ 
cesses,  Moore  said  he  provided  downtime 
metrics  to  IT  managers  who  made  a  change 
or  fixed  an  issue  outside  of  the  system.  “I 
was  able  to  directly  tie  recorded  downtime 
or  cost  with  data  about  the  unrecorded 
change  and  show  how,  if  it  had  been  done 
according  to  standard  process,  the  overall 
system  would  not  have  been  negatively 
impacted, ”he  said. 

9.  Measure  and  adjust.  Though  it  can  be  hard 
to  associate  process  improvements  with  ROI, 
American  Family  Insurance’s  Ranney  said  a 
project  cannot  move  forward  unless  proper 
measurements  are  taken.  “Measuring  the  suc¬ 
cess  of  new  processes  is  critical  to  the  overall 
success  of  the  initiative,”  she  said. 

Duke  Medicine’s  Rodriguez  agreed  that  post¬ 
deployment  measurements  are  important  and 
should  include  feedback  from  users.“You  have 
to  see  these  from  their  perspective”  because 
improving  processes  and  cutting  costs  are  only 
part  of  the  goal,  Rodriguez  said.  IT  service- 
management  process  improvements  are  about 
better  service  delivery  to  the  IT  client.  ■ 
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CONSERVE  POWER 

Oversized  legacy  system 
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your  infrastructure  so  that  you 
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COOLING 
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Introducing  the  Efficient  Enterprise: 
more  power,  more  control,  more  profits 

Can  your  legacy  system  say  the  same? 

Legacy  systems  work  fine  for  brute-force  cooling  the  entire  room, 
but  skyrocketing  energy  costs  make  them  fiscally  irresponsible  and  their 
fundamentally  oversized  design  makes  them  incapable  of  meeting  today's 
high-density  challenges.  Even  worse,  power  and  cooling  waste  may  actually 
prevent  you  from  purchasing  much-needed  new  IT  equipment.  Simple  problem, 
simple  solution.  Cut  your  power  and  cooling  costs  and  use  the  savings  to  buy 
the  IT  equipment  you  need. 

According  to  Gartner  Research,  50%  of  all  data  centers  built  before  2002  will 
be  obsolete  by  2008  because  of  insufficient  power  and  cooling  capabilities. 
Power  and/or  cooling  issues  are  now  the  single  largest  problem  facing  data 
center  managers. 

There's  only  so  much  power  and  money  to  go  around 

Your  service  panel  limits  the  amount  of  power  available.  Your  budget  limits  the 
amount  of  money.  You  have  to  stretch  every  bit  of  both  as  far  as  you  can. 

What  you  need  is  the  APC  Efficient  Enterprise’" 
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AGAINST  HARDWARE  DAMAGE  TO  YOUR  SYSTEM 

WORLD'S  ONLY  THERMAL  GUARANTEE 

The  Efficient  Enterprise "  cooling  is  so  predictable, 
we  guarantee  it.  Implement  an  InfraStruXuref® 
solution  with  hot  air  containment  and  close- 
coupled  cooling  and  be  eligible  for  our  $150,000 
Thermal  Guarantee™- the  industry's  only  heat 
defense  policy. 


CONTAIN  THE  HEAT 

Ensure  cooling  efficiency  by  containing  the  heat 
and  eliminating  expensive  temperature  cross- 
contamination.  Our  Hot  Aisle  Containment  System 
reduces  operational  expenses  by  as  much  as  50% 
over  legacy  approaches. 
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The  APC  solution  offers  modular  scalability  so  that  you  pay  only  for  what  you 
use;  capacity  management  so  that  you  know  where  to  put  your  next  server; 
and  dedicated  in-row  and  heat-containment  systems  that  improve  cooling 
and  thermal  predictability.  An  Efficient  Enterprise  earns  you  money  through 
the  pre-planned  elimination  of  waste.  For  example,  simply  by  switching 
from  room-  to  row-oriented  cooling,  you  will  save,  on  average,  35%  of  your 
electrical  costs. 

Our  system  reimburses  you 

Whether  you're  building  a  new  data  center  or  analyzing  the  efficiency  of 
existing  systems,  your  first  step  is  knowing  where  you  stand.  Take  the  online 
Enterprise  Efficiency  Audit  to  see  how  you  can  reap  the  benefits  of  a  smart, 
integrated,  efficient  system:  more  power,  more  control,  more  profits. 
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TECH  UPDATE 

An  inside  look  at  technologies  and  standards 


Using  virtualization  to  boost  efficiency 


BY  RICH  LECHNER 

The  U.S.  Environmental  Protection  Agency  recently  proclaimed  that 
data  centers  consumed  61  billion  kilowatt-hours  of  electricity  in 
2006.  That’s  roughly  1.6%  of  total  U.S.  electricity  consumption  and  is 
worth  about  about  $4.5  billion.  Assuming  current  trends  continue,  by  2011 
the  national  energy  consumption  by  data  centers  is  expected  to  nearly 
double,  making  energy  efficiency  a  top  priority  for  CIOs. 


One  technology  that  can  help  companies  in¬ 
crease  efficiency  is  virtualization,  which  can 
play  multiple  roles  in  the  data  center. 

Virtualization  makes  it  possible,  for  example, 
to  divide  a  single  server  into  smaller  virtual 
servers,  or  pool  smaller,  individual  machines  so 
they  can  perform  as  one  larger  system.  Gartner 
estimates  that  more  than  90%  of  companies 
using  virtualization  are  doing  so  to  reduce  x86 
server  space  and  costs.  In  fact,  the  company 
estimates  that  virtualization  cut  the  x86  server 
market  by  4%  in  2006. 

Power  savings  can  be  even  greater  when  ad¬ 
dressing  storage  assets.  Storage  resources  — 
which  1DC  says  are  growing  50%  per  year  — 
are  among  the  largest  consumers  of  energy  in 
the  data  center,  in  most  cases  consuming  13 
times  more  power  than  processors.  What’s 
more,  use  of  storage  assets  is  often  25%  or  less, 
making  this  environment  almost  as  inefficient 
as  x86  servers.  Storage  virtualization  can  drive 
up  use  rates  from  25%  to  60%  or  more. 

Applying  virtualization  technologies  across 
all  system  assets,  including  servers,  storage  and 
network  devices,  can  allow  companies  to  tap 
into  unused  capacity  without  adding  resources 
that  draw  more  power.  The  most  energy-effi¬ 
cient  equipment  is  equipment  that’s  no  longer 
in  use,  whether  it’s  a  server,  a  router  or  a  storage 
device. 

Achieving  that,  however,  requires  centralized 
management  of  virtual  and  physical  devices, 
because,  while  virtualization  helps  address 
cost  through  consolidation  of  physical  re¬ 
sources,  it  adds  complexity  by  increasing  the 
number  of  virtual  resources  that  need  to  be 
managed. 

Gaining  a  more  accurate  understanding  of 
the  relationships  among  physical  and  virtual 
resources  enables  administrators  to  manage 
the  infrastructure  in  a  more  integrated,  holistic 
way  Systems-management  virtualization  tools 
that  manage  all  resources  —  physical  and  vir¬ 
tual  —  can  help  manage  the  resources  in  an 
integrated  fashion  from  a  single  dashboard, sig¬ 
nificantly  reducing  the  number  of  tools  re¬ 
quired  and  the  cost  of  administration  to  sup¬ 
port  multiple  types  of  servers. These  tools  can 
also  help  relocate  virtual  servers  automatically 


in  order  to  take  advantage  of  lower  utilization 
rates  and  help  administrators  inventory  server 
and  storage  devices,  monitor  the  health  of 
these  devices,  manage  maintenance  and  pre¬ 
vent  downtime. 

However,  a  common  problem  organizations 
face  is  the  difficulty  in  determining  how  and 
for  what  purposes  employees  are  using  virtual 
resources.To  drive  a  successful  energy-efficient 


program,  you  should  be  able  to  identify  which 
resources  are  used  and  whether  they  are  phys¬ 
ical  or  virtual. 

IT  chargeback  methodologies  can  also  help 
improve  IT  accountability  and  resource  align¬ 
ment.  Existing  tools,  for  example,  can  monitor 
use  of  applications,  servers  and  other  IT  re¬ 
sources,  so  organizations  that  wish  to  consoli¬ 


date  and  virtualize  servers  can  accurately 
charge  for  related  use. 

Factoring  virtualization  into  chargeback 
processes  not  only  enhances  the  process  by 
more  tightly  mapping  companies’  resources 
to  business  units,  but  also  allows  them  to 
stretch  their  budgets  to  focus  on  energy-effi¬ 
cient  programs. 

The  energy  issue  hasn’t  escaped  the  atten¬ 
tion  of  power  companies  or  government  orga¬ 
nizations.  More  than  80  local  utility  and  state 
energy-efficiency  programs  are  offering  re¬ 
bates  for  increasing  energy  efficiency  Pacific 
Gas  and  Electric  of  California,  for  example,  has 
approved  a  plan  to  reimburse  part  of  the  costs 
for  server-  and  storage-consolidation  projects, 
including  software,  hardware  and  consulting, 
up  to  a  maximum  of  $4  million  per  customer. 

An  energy-efficient  data  center  is  not 
optional  today  —  it  is  a  necessity  And  virtual¬ 
ization  technologies  can  lead  to  power  sav¬ 


ings  that  result  from  consolidating  hardware 
and  improving  utilization  rates,  providing  you 
also  adopt  proper  management  tools  and 
methodologies. 

Lechner  is  vice  president,  IT  Optimization  at 
IBM.  He  can  be  reached  at  GoGreen@ 
us.ibm.com. 
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■HUUNHIH, 


INFRASTRUCTURE  LOG 


.DAY  89:  Our  power  and  cooling  costs  are  out  of  control! 
These  boxes  throw  off  so  much  heat.  The  energy  costs  are 
staggering.  We’re  spending  the  bulk  of  our  IT  budget  just 
keeping  the  data  center  cool.  I  told  Gil  we  need  to  go 
green  in  a  big  way. 

.DAY  91:  Gil  made  the  data  center  green.  Kelly  green,  to 
be  exact.  There’s  got  to  be  a  better  way. 


PHP,  WAMP  and 

Last  week  in  Gearhead  (www.nwdocfinder 
.com/1725)  I  discussed  the  struggle  to  get 
my  hosting  provider  to  give  me  a  server  with 
the  version  of  PHP  I  needed  to  run  a  PHP-based 
groupware  system. 

A  remarkable  number  of  you  wrote  in  with  rec¬ 
ommendations.  Reader  Darrow  Cole  (Los  An¬ 
geles)  recommended  a  different  hosting 
provider,  Knownhost,  and  reminded  me  about 
Web  Hosting  Talk,  a  useful  resource  for  discovering  who  provides  ser¬ 
vices  and  how  much  their  clients  love  or  hate  them. 

Another  early  responder  was  Network  Worlds  own  Lord  of  the  Revels, 
Dave  Kearns,  who  recommended  first  testing  PHP  scripts  under  WAMR 
at  http://www.wampserver.com/en/. 

The  latest  version,  WAMP5,  is  an  installer  that  (du’oh)  installs  and  con¬ 
figures  Apache  1.3.31,  PHP5,  MySQL  database,  PHPmyadmin  and  SQLite- 
manager  on  Windows.  Voila!  An  instant  test  environment  offered  as 
donate-if-you-want-to-ware. 

By  the  way:  When  you  install  WAMP  in  a  virtual  machine  under  VM- 
ware  and  use  the  snapshot  feature,  you  have  a  fantastic  mechanism  for 
testing. Snapshots  let  you  save  a  virtual  machine  in  a  specific  state,  which 
means  you  can  have  both  fast  start-ups  and  known  configurations  for 
chasing  down  problems. 

Reader  Michael  Moro  recommended  an  alternative  to  WAMP:  XAMPP 
which  in  addition  to  PHP  also  installs  Perl  and  does  so  not  only  on 
Windows  but  also  on  Linux,  OS  X  and  Solaris. 

I  tried  out  both  systems  with  an  eye  to  jump-starting  the  PHP-based 
software  that  had  originally  sent  me  down  this  dark  path,  Simple 
Groupware. 

Installing  WAMP  is  extremely  easy  and  installation  of  Simple  Group- 
ware  was  just  as  simple  —  I  just  copied  the  files  unpacked  from  the  dis- 


XAMPP,  oh  my 

tribution  archive  to  a  subdirectory  under  WAMP’s  default  root.  When  I 
loaded  the  WAMP  default  home  page,  there  was  the  new  subdirectory 
listed  as  a  “project.” 

Clicking  on  the  new  project  link  on  the  WAMP  home  page  caused  the 
Simple  Groupware  setup  page  to  run,  but  it  immediately  noted  that  I 
needed  to  change  the  maximum  memory  parameter  in  php.ini  from 
8MB  to  16MB.  It  also  noted  that  I  was  missing  a  PHP  extension  named 
php_gd.dll  and  needed  to  install  it.  That  was  odd  because  its  upgrade, 
php_gd2.dll,  was  already  installed  by  default  and  the  Simple  Groupware 
documentation  implies  that  either  will  work. 

As  much  as  Id  love  to  chase  down  why  php_gd2.dll  wasn’t  recognized, 
I’m  a  busy  guy  and  I  have  an  editor  waiting  ...  so,  let’s  try  XAMPP 

Again,  like  WAMPXAMPP  is  an  easy  installation  although  it  takes  about 
twice  the  time  for  the  installer  to  simply  copy  files.  But  the  system 
includes  Mercury  Mail  which  is  an  SMTRP0P3  and  IMAP4  server.  Cool. 

So  I  move  the  Simple  Groupware  subdirectory  from  the  WAMP  Web 
root  to  the  XAMPP  root.  On  loading  the  Simple  Groupware  setup  page,  it 
immediately  becomes  obvious  that  XAMPP  is  noticeably  slower  than 
WAMP  but  at  least  the  php_gd  issue  doesn’t  appear.  But  when  the 
installer  page  for  Simple  Groupware  runs,  I  keep  getting  timeouts, 
because  the  script  is  taking  more  than  60  seconds  to  run. 

I  set  the  maximum  timeout  value  in  php.ini  to  120  seconds,  but  I  still 
get  a  60-second  timeout  error  despite  restarting  the  server  several  times. 
Finally  I  resort  to  setting  the  Apache  server  priority  using  Process 
Explorer  to  “high”  (that’s  the  next  level  above  “above  normal”),  and  the 
setup  completes. 

After  all  that, there’s  another  few  minutes  of  configuration  and  . .  .well, 
next  week  we’ll  find  out  whether  Simple  Groupware  lives  up  to  its  name. 

Gibbs  struggles  with  his  daemons  in  Ventura,  Calif.  Exorcise  his  woes  at 
gearhead@gibbs.  com. 


Another  DEMO, 

If  it’s  September,  it  must  be  DEMOfall,  in  which 
I  get  another  opportunity  to  see  what’s  hot  in 
the  world  of  start-ups  and  innovation.  While 
there  are  lots  of  new  products  and  services  for 
the  enterprise  launching  at  this  week’s  show  in 
San  Diego  (see  page  12), for  me  it’s  always  about 
seeing  the  cool  stuff.  (Disclaimer:  The  Network 
World  events  team  runs  the  DEMO  events). 

A  total  of  70  companies  will  be  launching  at  this 
year’s  show.  Here’s  a  quick  look  at  the  ones  in  the  consumer  or  small-to- 
midsize-business  market  that  1  think  have  a  shot  at  becoming  the  “next 
big  thing.” 

Velio:  The  company’s  service  lets  users  create  instant  telephone  con¬ 
ferences  without  having  to  use  special  phone  numbers  or  create  per¬ 
sonal  identification  numbers  that  attendees  need  to  store  in  an  e-mail  or 
memorize.  After  a  conference  initiator  creates  a  conference  through  the 
Vello.com  Web  site  (or  BlackBerry),  the  service  automatically  calls  all 
participants  at  the  scheduled  time  of  the  conference  and  automatically 
connects  them  to  the  call. 

MyQuire:  Two  words  that  scare  the  heck  out  of  me  are  “project  man¬ 
agement,”  yet  I  have  many  projects  at  work  and  at  home  that  require 
additional  people  to  complete.  MyQuire  aims  to  bring  project  manage¬ 
ment  (the  company  prefers  the  term  “online  coordination”)  to  the  mass¬ 
es  through  a  visually  pleasing  interface  that  merges  social-networking 
concepts  with  Web-based  collaboration,  real-time  conferencing  and 
Web-based  file  storage. 

SceneCaster  If  you  ever  enjoyed  building  3-D  rooms  or  buildings  in  the 
game  “The  Sims”  or  in  the  Second  Life  virtual  world,  you’ll  likely  want  to 
delve  into  SceneCaster,  which  lets  you  build  virtual  “scenes”  but  without 
having  to  learn  a  complicated  programming  language.  With  easy  drag- 
and-drop  tools  and  a  browser-based  interface,  SceneCaster  will  let  users 
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create  their  own  virtual  spaces,  whether  they’re  representations  of  a  real- 
life  living  rooms  or  fantasy  landscapes. 

Fluid  Innovations:  Online  prediction  markets  have  been  around  for  a 
while,  but  the  VirtualVentures.com  “game”  from  Fluid  Innovations  takes  it 
a  step  further  —  asking  participants  to  predict  what  types  of  enterprise 
software  technologies  will  succeed  in  the  marketplace.  Think  of  it  like 
playing  the  game, “Who  Wants  to  be  a  Venture  Capitalist?” 

Vyro  Games:  The  company’s  Personal  Input 
Pod  (PiP)  will  breathe  stress-free  air  into  the 
world  of  video  games.  Instead  of  games  that 
get  you  stressed  out  and  have  you  reach  a  goal 
through  action,  the  Vyro  Games  and  hardware 
device  (the  PiP  fits  between  your  index  finger 
and  thumb)  require  that  users  be  relaxed  in 
order  to  succeed.The  games  will  offer  PC  users 
and  mobile  phone  owners  to  take  a  break 
from  a  busy  day  and  become  more  relaxed. 

Ncursion:  Combining  the  world  of  social 
networking  with  interactive  gaming,  Ncursion 
will  launch  its  MyGladiator.com  offering  for 
Facebook  users.  The  game  lets  players  create 
their  own  virtual  gladiator  to  take  on  other 
Facebook  users  in  a  virtual  battle-to-the-death, 
and  other  spectators  can  watch  the  matches 
and  bet  some  virtual  gold  on  the  outcome. 

Longer  profiles  of  each  of  these  companies 
and  more  will  be  online  at  www.networkworld.com.  Also,  be  sure  to 
check  out  DEMO  videos  at  www.demo.com,  as  well  as  Network  Worlds 
own  video,  blogging  and  podcast  coverage  of  this  week’s  show. 


Vyro’s  Personal 
Input  Pod  (PiP)  is 
a  stress  reliever. 


Shaw  can  be  reached  at  kshaw@nww.com. 
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Help  make  your  data  center  green  with 
IBM  Cool  Blue  technologies  and  energy 
management  services. 

Go  green  with  virtualization:  Advanced  server  and 
storage  virtualization  from  IBM  can  help  you  decrease 
your  number  of  boxes  and  lower  your  energy  usage. 

Go  green  with  energy  management:  IBM  Systems 
Director  can  give  you  active  energy  management 
to  help  you  track  and  cap  your  power  consumption.1 
It  can  help  you  see  and  regulate  how  much  power  the 
systems  in  your  data  center  are  really  using. 

Go  green  with  more  efficient  systems:  IBM  POWER  6 
processors  with  Advanced  Power  Virtualization  mean 
your  systems  can  use  less  energy  doing  the  same  amount 
of  work.2  For  instance,  consolidating  30  Sun  V890s  into 
one  rack  of  P0WER6-based  IBM  System  p™  570s  can  save 
you  over  $100K  a  year  in  energy  costs  alone.3 

Go  green  with  IBM:  IBM  Services  can  help  design  your 
datacenter,  holistically,  for  better  energy  usage.  With 
outstanding  technology  and  people  who  understand  what 
that  technology  can  do  for  your  business,  IBM  can 
help  make  your  data  center  green. 
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Learn  how  to  make  youndata  center  more  efficient. 

IBM.COM/TAKEBACKCONTROL/GREEN 
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1.  Currently  available  on  IBM  System  x  and  IBM  BladeCenter  servers.  Expected  to  be  available  on  IBM  System  i  and  System  p  server 
Directa^are  not  available  on  IBM  System  z.  2.  Advanced  Power  Virtualijlation  Is  optional  and  available  at  an  additional  charge.  3.  For  coi 

the  IS M  logo,  Cool  Blue.  POWER6,  System  p.  Take  Back  Control.  Syajfem  x,  BladeCenter,  System  i  and  System  z  are  trademarks  or  r<  jistered  trademarks  of  International  Business  Machines 
Corporation  in  the  United  States  and/or  other  countries.  ©2007  IBM  Corporation.  All  rights  reserved. 
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IBM  challenges  Office  with  free  apps 


BY  JOHN  FONTANA 

A  week  after  formally  joining  the  effort  to 
develop  the  productivity  applications  Open 
Office.org,  IBM  last  week  released  into  beta  its 
own  implementation  called  IBM  Lotus  Sym¬ 
phony  and  took  direct  aim  at  Microsoft  Office. 

IBM  is  making  the  suite  of  document, 
spreadsheet  and  presentation  applications 
available  free,  and  hopes  to  attract  business, 
academic,  government  and  consumer  users. 
The  company  has  not  announced  a  ship  date 
for  a  final  release  of  Symphony  which  is  based 
on  OpenOffice.org  1.2. 

But  identical  versions  of  the  applications  are 
shipping  as  embedded  tools  in  Notes  8,  which 
was  released  last  month. 

IBM  Lotus  already  has  a  suite  of  productivity 
tools  called  SmartSuite,  but  the  company  has 
not  made  any  investment  related  to  the  tools  in 
the  past  few  years  and  doesn’t  plan  to  start 
now,  according  to  company  officials. 

“Symphony  editors  are  the  strategic  invest¬ 
ment  going  forward,” said  Ed  Brill,  business  unit 
executive  for  worldwide  sales  at  IBM  Lotus.“We 
are  providing  import  filter  capabilities  so 
SmartSuite  files  can  be  brought  into  the 
Symphony  editors  and  be  carried  forward  with 
formats  like  Open  Document.” 

IBM  has  been  a  vocal  supporter  of  Open 
Document  Format  and  a  nagging  critic  of 


Microsoft/Ecma’s  competing  OpenXML  for¬ 
mat,  which  neglected  to  get  the  stamp  of  stan¬ 
dardization  from  the  ISO  two  weeks  ago. 

IBM’s  timing  for  its  renewed  push  into  the 
productivity  applications  market  is  no  coinci¬ 
dence,  and  it  puts  IBM  on  the  front  lines  to  bat¬ 
tle  Microsoft  Office,  Google,  Sun  and  others 
offering  free,  open  source  and  hosted  options 
on  collaboration  tool  sets  that  include  produc¬ 
tivity  applications  and  options  for  integration 
with  business  workflows  and  applications. 

IBM’s  announcement  came  a  day  after  Yahoo 
bought  Zimbra’s  collection  of  open  source  col¬ 
laboration  tools  for  $350  million  and  said  it  will 
target  university,  business  and  ISP  markets. 

IBM’s  Symphony  is  made  up  of  Lotus  Sym¬ 
phony  Documents,  Lotus  Symphony  Spread¬ 
sheets  and  Lotus  Symphony  Presentations.The 
same  core  applications  are  found  in  Microsoft 
Office  and  suites  from  Google,  Sun  (which  is 
also  based  on  OpenOffice.org)  and  others, 
such  as  Zoho. 

Symphony  applications  run  on  Windows  and 
Linux  and  support  multiple  file  formats,  most 
notably  the  Open  Document  Format,  but  also 
Microsoft  Office.  They  also  support  and  the 
ability  to  output  content  in  PDF  format. 

IBM  said  it  would  eventually  offer  paid  sup¬ 
port  around  Symphony  but  for  now  support  is 
being  delivered  via  Web  forum  and  communi¬ 


ty  support  tools  on  ibm.com. 

IBM  is  attacking  the  productivity  market  from 
the  desktop  side,  while  the  prevailing  vendor 
trend  today  is  to  offer  applications  that  live  on¬ 
line  and  are  accessible  from  anywhere. 

“There  are  different  approaches  in  the  mar¬ 
ket  going  on  now,  including  the  locally 
installed  rich-client  approach,  but  we  are 
aware  of  interest  in  software  delivered  as  a  ser¬ 
vice,  and  it  is  something  we  are  following,”  said 
IBM’s  Brill. 

In  January  IBM  Lotus  introduced  Lotus  Con¬ 
nections,  a  set  of  server-based  social-network¬ 
ing  services  accessed  over  a  network.  At  the 
time,  Lotus  said  it  was  working  on  another 
wave  of  social-networking  services  that  targets 
business  intelligence,  real-time  communica¬ 
tions  and  Web  2.0  applications. 

Also  Tuesday  IBM  introduced  an  e-mail-deliv- 
ery  service  around  hosted  Notes  messaging. 

“In  the  end,  I  want  both  offline  and  online 
capability”  says  Rob  Koplowitz,  an  analyst 
with  Forrester  Research. “I  want  online  capa¬ 
bility  because  a  hosted  app  is  accessible 
from  anywhere.  And  I  want  client-side  soft¬ 
ware  because  I  take  these  things  offline.  So 
ultimately  the  world  of  Google  and  the 
world  of  Symphony  have  to  come  together. 
And  ultimately  Microsoft  has  to  address  this 
as  well.”® 


IT  on  a  shoestring  budget 


A  few  weeks  ago,  Howard  Anderson  wrote  a 
column  titled,  “The  life  of  a  CIO:  It’s  not 
pretty”  (www.nwdocfinder.com/1726)  in 
which  he  used  the  example  of  his  friend  Gomez 
(not  his  real  name),  the  CIO  of  a  large  company 
If  the  job  Gomez  has  is  not  pretty,  then  it  must  be 
downright  ugly  to  be  the  CIO  of  a  large  non¬ 
profit  organization  (NPO). 

My  friend  Claire  (not  her  real  name)  heads  the 
IT  department  at  a  regional  NPO  that  serves 
more  than  80,000  people  in  Southeast  Texas. 
Claire  faces  many  of  the  same  technology  issues 
that  Gomez  does,  with  one  big  exception:  Her  budget  is  a  fraction  of  a 
corporate  IT  budget. 

Most  public-serving  NPOs  operate  on  a  shoestring,  given  that  their 
money  often  comes  from  grants,  donations  and  a  shrinking  share  of 
United  Way  contributions.  If  a  corporate  CIO  thinks  it’s  tough  to  tin-cup 
the  business  divisions  for  funds  for  that  great  new  project,  he  should  try 
raising  funds  by  selling  cookies  and  asking  the  public  for  donations. 

The  corporate  CIO  moans  when  he  has  to  stretch  his  PC  life  cycle  to 
three  or  four  years  before  buying  replacements.  Claire,  on  the  other  hand, 
is  grateful  to  receive  those  old  hand-me-downs  through  a  United  Way  pro¬ 
gram  that  funnels  “end  of  life”  corporate  equipment  to  NPOs.  Claire’s  staff 
supports  a  wide  variety  of  equipment  that  is  one  or  two  generations 
behind  today’s  technology. They  would  love  to  standardize  on  one  device 
or  even  one  vendor,  but  as  the  saying  goes,  beggars  can’t  be  choosers. 

Claire’s  NPO  has  100  or  so  employees  spread  across  multiple  loca¬ 
tions.  Some  would  like  to  work  from  home  but  can’t  because  they  aren’t 
able  to  access  office  systems  from  home  or  other  remote  locations.  The 
organization  is  trying  to  roll  out  VPN  service  for  all  employees,  but  bud¬ 
get  constraints  are  hampering  that  project. Claire  has  to  depend  on  soft¬ 
ware  licenses  structured  for  NPOs,  and  they  are  often  very  limiting  —  if 


they  are  available  at  all.  At  times,  she  doesn’t  have  the  luxury  of  choos¬ 
ing  her  software  applications  based  on  features  and  functions;  she  has 
to  acquire  whatever  can  fit  into  the  meager  budget. 

Claire  maintains  a  database  of  at  least  80,000  current  members  (cus¬ 
tomers)  and  another  couple  hundred  thousand  former  members. 
Every  customer  record  has  to  be  updated  or  archived  at  least  once  a 
year,  and  in  the  span  of  a  few  weeks  during  the  fall, she  adds  a  few  thou¬ 
sand  new  customers  to  the  database. This  kind  of  activity  puts  a  strain 
on  the  old  hand-me-down  servers,  but  somehow  they  manage. 

Disaster  recovery  planning  is  a  part  of  Claire’s  job,  too,  and  Southeast 
Texas  is  especially  prone  to  hurricanes  and  floods.  One  of  the  organi¬ 
zation’s  remote  locations  was  knocked  out  of  commission  two  years 
ago  by  Hurricane  Rita.  Fortunately  the  United  Way  of  the  Texas  Gulf 
Coast  provides  a  failover  site  in  the  event  Claire’s  NPO  encounters  prob¬ 
lems  again;  Sungard’s  services  are  too  expensive  for  her. 

Earlier  I  referred  to  the  IT  department.  It’s  really  just  a  handful  of  tal¬ 
ented  and  very  resourceful  people.  Claire  needs  a  bigger  staff,  but  — 
repeat  after  me  —  there’s  no  budget. While  I’m  not  privy  to  salary  infor¬ 
mation,  I’m  guessing  these  people  make  a  fraction  of  what  their  coun¬ 
terparts  in  corporate  America  make.  This  makes  it  tough  for  Claire  to 
attract  and  hold  on  to  good  talent.  If  Gomez  thinks  it’s  hard  to  find  good 
people  for  his  department,  he  should  cut  the  salaries  in  half  and  see 
who  accepts  his  job  offers. 

The  NPO  does  allocate  capital  funds  to  cover  major  expenditures. 
Still,  Claire’s  IT  wish  list  is  long.  I  have  the  utmost  respect  for  how  much 
she  manages  to  accomplish  with  practically  nothing  in  her  coffers.  So 
for  all  those  corporate  CIOs  who  think  their  lives  aren’t  pretty,  maybe 
they  need  another  benchmark. 

Musthaler  is  a  principal  analyst  at  Essential  Solutions,  a  Houston  tech¬ 
nology  assessment  firm.  She  can  be  reached  at  Imusthaler 
@essential-iws. 
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»  Hackers  love  company.  Your  company.  Today,  criminals  methodically  target  corpora¬ 
tions,  orchestrating  attacks  to  steal  confidential  information:  "Hacking  for  profit.” 

In  addition  to  stopping  worms,  viruses  and  phishers,  you  need  to  crush  these  new, 
systematic  assaults  —  from  botnets  to  trojans.  Juniper  Networks  comprehensive, 
cost-effective  threat  management  solutions  provide  uncompromising  defense  for  your 
network.  Only  Juniper  takes  a  uniquely  holistic  approach,  dispatching  dedicated  protec¬ 
tion  to  every  network  and  application  layer  vulnerability  and  making  any  network  more 
secure:  www.juniper.net/threatmanagement 
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One,  two,  three  screens  won’t  be  enough 


Paradigm  shifts  are  funny  things.  As 
Malcolm  Gladwell  points  out  in  his  best¬ 
selling  book,  The  Tipping  Point ,  often 
there’s  an  abrupt  transition  between  old  world¬ 
views  (or  behavior  patterns)  and  new  ones. 
Yesterday,  nobody  even  dreamed  of  phones 
that  take  pictures.  Today  you’re  lame  if  you 
don’t  have  a  cell  phone  camera. 

I  recently  noticed  that  AT&T  is  promoting  its 
“three-screen”vision  —  meaning,  in  essence, that 
the  Internet  will  reach  users  in  three  distinct 
ways:  the  TV  screen,  the  PC  screen  and  the 
mobile  device.  I  like  the  idea,  but  I  don’t  think  it 
goes  far  enough.  For  one  thing,  I  don’t  think  three  screens  (or  any  fixed 
number)  will  suffice. 

The  right  way  to  look  at  Internet  use,  in  my  book,  is  to  assume  that 
each  individual  owns  and  operates  a  number  of  Internet-connected 
devices:  one  or  more  phones  with  varying  bandwidth  capabilities  and 
applications  (voice,  video,  e-mail  and  so  forth);  one  or  more  PCs  with 
multiple  Internet  connections  (Wi-Fi,  wireline, 

Evolution  Data  Optimized);  and  one  or  more 
TVs  (given  that  most  households  have  more 
than  one  TY  though  most  aren’t  Internet-con¬ 
nected  yet). 

That’s  not  all.  Many  users  also  have  multiple 
network-attached  (or  capable)  devices,  which, 
while  they  don’t  connect  directly  to  the  Inter¬ 
net,  may  do  so  in  the  near  future:  cameras  with 
USB  links,  Ethernet-attachable  printers  and  so 
forth.  Cisco  senior  vice  president  and  general 
visionary  Jayshree  Ullal  likes  to  make  the  point 
that  we  should  assume  any  device  capable  of 
an  Internet  attachment  ultimately  will  get  one. 

I  think  she’s  right. 

So,  instead  of  assuming  a  mere  three  screens, 


we  should  be  thinking  in  terms  of  multiple  screens  (and  Internet  appli¬ 
cations)  per  user. 

Why  does  this  matter?  For  a  couple  of  reasons.  First,  the  three-screen 
view  underestimates  the  per-user  consumption  of  Internet  bandwidth. 
Most  of  the  telcos  and  equipment  providers  1  speak  with  assume  the 
old  model  of  Internet  connectivity  will  prevail.That  model  measures  In¬ 
ternet  connectivity  to  each  household  (or  workplace)  —  not  to  each 
user.  Big  mistake.  Users  consume  far  more  connectivity  (generally  from 
multiple  providers)  than  this  model  accounts  for. 

Second,  it  underestimates  the  impact  of  peer-to-peer  traffic.  Peer-to- 
peer  has  gotten  a  bad  rap  because  of  copyright  infringement  issues,  but 
even  taking  those  out  of  the  equation, an  increasing  amount  of  Internet 
traffic  results  not  from  users  accessing  sites,  but  from  users  communi¬ 
cating  with  each  other  in  bandwidth-intensive  ways:  not  just  voice,  but 
interactive  video  (including  telepresence)  and  file-sharing. 

This  is  a  very  big  deal,  because  it  affects  architecture  end  to  end.  Con¬ 
sumer  providers  often  assume  downstream  traffic  to  each  user  is  far 
greater  than  upstream  traffic  from  that  user.  Read  the  fine  print  on  your 
contract  —  it  probably  prohibits  you  from  setting  up  your  own  server, 

and  defines  massive  upstream  transmissions  as 
an  abuse  of  the  service. 

That’s  broken.  If  carriers  truly  buy  into  the 
many-screen  view  of  the  future,  they  should 
recognize  that  symmetrical  bandwidth 
(equivalently  large  upstream  and  down¬ 
stream  links)  is  the  way  to  go.  So,  providers 
and  equipment  vendors,  listen  up:  A  para¬ 
digm  shift  is  headed  our  way.  And  if  Gladwell 
is  to  be  believed,  it  will  happen  faster  than 
you  expect. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  independent 
technology  research  firm.  She  can  be  reached  at 
johna@nemertes.  com. 
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abb@doeinvestor.net  and  continues  on  from 
there.  Brute  forcing  basically  generates  and 
sends  out  an  e-mail  to  every  possible  combi¬ 
nation  of  characters /e-mail  addresses  at  any 
given  domain.  A  dictionary  e-mail  Spam  basi¬ 
cally  uses  all  of  the  words  that  would  be 
included  in  a  dictionary  or  combinations  of 
words  which  generally  produce  quite  a  few 
valid  e-mail  accounts.  This  type  of  method 
would  not  be  inhibited  by  using  a  separate 
e-mail  address  for  each  business  account  you 
may  have. 

We  have  no  reason  to  believe  that  any  of 
our  systems  have  been  compromised. 

Ameri trade  deploys  state  of  the  art  firewalls, 
intrusion  detection,  anti-virus  software  as  well 
as  employs  a  full  time  staff  of  employees  dedi¬ 
cated  strictly  to  Information  Security  and  pro¬ 
tecting  Ameritrade's  systems  from  unautho¬ 
rized  access .” 

Don’t  you  just  love  the  idea  of  a  customer 
service  rep  giving  an  IT  security  expert  a  les¬ 
son  about  spam? 

Anyway  Fritsch  tried  again:“I  suggest  you 
review  the  security  of  your  customer  data.  1 
and  the  man  who  hosts  the  receiving  e-mail 
server  are  both  computer  and  network  securi¬ 


ty  specialists  and  if  a  full-blown  dictionary 
spam  attempt  had  been  made  the  source 
would  have  been  cut  off  long  before  it  got  to 
the  combination  of  ‘ameritrade.’” 

This  time  the  rep  at  least  had  enough  sense 
to  break  from  the  script  and  boot  this  one 
upstairs. 

"Mr.  Fritsch, 

We  take  the  security  of  our  client  data  very 
seriously.  I  have  forwarded  your  notes  to  our 
Management  Team." 

While  Ameritrade  insists  it  was  working  dili¬ 
gently  —  and  hiring  specialists  —  to  stem  the 
flow  of  spam,  all  of  those  efforts  proved  inef¬ 
fective  until  recently  . . .  and  customers 
remained  in  the  dark. 

In  August  2006,  Fritsch  tried  again  to  warn 
Ameritrade,  this  time  providing  samples  of  the 
spam  that  was  hitting  his  Ameritrade-only 
account.  At  this  point  it’s  clear  that  the  matter 
has  Ameritrade’s  attention,  even  if  the  compa¬ 
ny  was  not  sharing  those  concerns  with  its 
client  base. 

"Dear  Joshua  Fritsch: 

Thank  you  for  reporting  that  you  received 
spam  e-mail  at  an  e-mail  address  you  use  with 
TD  Ameritrade. 

We  take  your  privacy  very  seriously,  and 
are  conducting  a  thorough  investigation  into 
this  matter. 


If  you  haven 't  already,  we  would  appreciate  it 
if  you  would  reply  to  this  message  and  provide 
the  following: 

•  The  date  the  e-mail  was  received 

•  The  address  the  spam  was  sent  to  (your 
e-mail  address ) 

0  The  e-mail  source  (the  'from' address) 

0  Whether  this  was  the  first  occurrence 

We  sincerely  appreciate  your  cooperation 
and  patience  as  we  work  to  get  to  the  source 
of  this.” 

Fritsch  had  already  sent  what  they  request¬ 
ed,  but  he  sent  more,  just  to  be  helpful. 

Finally,  near  the  end  of  August  —  again,  this 
is  2006  —  Fritsch  received  this  e-mail  from 
Ameritrade: 

"Joshua  Fritsch, 

We  have  received  many  headers  from  vari¬ 
ous  client  reports.  At  this  time  there  is  no  need 
to  continue  to  forward  this  information  to  TD 
Ameritrade.  We  appreciate  your  cooperation  in 
our  investigation." 

And  another  full  year  would  pass  before  6.2 
million  Ameritrade  customers  would  learn 
that  all  that  spam  they  had  been  getting  was 
more  than  just  spam. 

Something  to  say?  You  can  trust  me  with 
your  e-mail  address.  The  address  here  is 
buzz@nww.com. 
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Products,  services  and  strategies  for  tying  teleworkers  to  the  enterprise 

Federal  GISOs  seek  mobile  security 

Government  agencies’  adoption  of  telecommuting  has  lagged  far  behind  goals 


BY  TIM  GREENE 

Despite  official  urging,  telecommuting  within  federal  agencies  is  lan¬ 
guishing,  in  part  because  standards  don’t  exist  for  how  to  secure 
mobile  endpoints  —  mainly  the  laptops  telecommuters  would  use 
when  outside  the  office. 


Federal  CISOs,who  are  aware  of  data  breach¬ 
es  in  both  the  public  and  private  sectors  that 
have  compromised  personal  information  of 
thousands  of  people,  say  that  security  of  lap¬ 
tops  —  the  key  to  most  telecommuter  pro¬ 
grams  —  is  their  biggest  worry 

At  the  same  time,  government  managers  face 
existing  federal  laws  dating  to  2000  that  man¬ 
date  telework  programs.  In  addition,  new  pres¬ 
sure  is  being  applied  for  them  to  encourage 
more  government  workers  into  telecommuting 
programs  as  an  attempt  to  dramatically  boost 
the  number  of  work-at-home  employees. 

Some  government  CISOs  say  the  best  course 
of  action  is  to  follow  best  practices  set  down  by 
the  National  Institute  of  Standards  and  Tech¬ 
nology  (NIST),  the  closest  thing  to  certification 
available. 

NIST  recommendations  include  such  basics 
as  installing,  running  and  updating  antivirus 
software;  periodically  scanning  machines  with 
spyware-removal  software  and  adopting  a 
“paranoia  level”  of  security  awareness  when 
writing  personal  firewall  rules. 

NIST  also  encourages  encrypting  data  on  lap¬ 
tops  and  as  it  is  transmitted  and  the  ability  to 
remotely  lock  down  laptops  reported  lost  or 
stolen  —  good  advice  but  not  as  formal  as  top 
federal  network  security  executives  want. 

The  General  Services  Administration  (GSA) 
—  which  has  championed  telecommuting  for 
years  —  has  set  a  high  bar  for  its  own  program. 
At  a  recent  forum  run  by  the  industry  group 
Telework  Exchange,  GSA  administrator  Lurita 
Doan  called  for  a  dramatic  leap  in  telecom¬ 
muting  for  her  agency  by  the  end  of  2009. 

With  just  10%  telecommuting  today  she  set 
goals  of  20%  to  be  telecommuting  by  the  year- 
end  and  40%  by  the  end  of  2009.  According  to 
published  GSA  estimates,  just  4%  of  federal 
workers  telecommute  today 

The  U.S.  Office  of  Personnel  Management 
breaks  that  down  further,  saying  that  of  those 
who  telecommute,  only  a  quarter  of  them  do 
so  three  or  more  days  per  week,  and  39%  do  so 
less  than  once  a  week  but  at  least  once  a 
month. 

While  other  factors  weigh  into  the  slow  adop¬ 
tion  rate,  a  recent  survey  of  federal  CISOs 
found  that  63%  say  securing  mobile  devices 
used  at  home  is  their  top  data-security  priority 


but  they  have  no  way  to  know  that  their  pre¬ 
cautions  are  adequate. 

The  overriding  problem  federal  CISOs  face 
is  that  there  is  no  official  certification  of 
mobile  devices  that  assures  them  that  laptops 
they  issue  comply  with  the  Federal  Informa¬ 
tion  Security  Management  Act  (FISMA), 
which  contains  the  blueprint  for  all  federal 
telecommuting. 

According  to  a  survey  by  Telework  Ex¬ 
change,  83%  of  these  CISOs  want  certification 
of  what  comprises  a  secure  mobile  endpoint. 
The  survey  is  based  on  responses  of  35  out  of 
117  federal  CISOs. 

They  want  secure  machines  but  also  want 
the  security  to  work  without  much  user  inter¬ 
vention^  complication  that  could  reduce  will¬ 
ingness  to  telecommute  in  the  first  place.“Let’s 
just  face  it;  we  as  people  just  want  access.  We 
don’t  really  care  about  security?’  says  Dennis 
Heretick,  CISO  for  the  Department  of  Justice,  at 
a  recent  forum  on  federal  telecommuting. 

As  a  result,  his  department  issues  work-only 
machines  to  telecommuters  that  the  depart¬ 
ment  maintains.  They  are  locked  down  using 
data-rights  management  software  that  blocks 
inadvertent  copying  of  sensitive  information. 

Despite  efforts  to  make  working  from  home 
as  painless  as  possible,  FISMA  requires  federal 
agencies  to  train  telecommuters  in  securing 
their  hardware,  another  barrier  to  some  poten¬ 


tial  telecommuters. 

For  instance,  the  Department  of  Energy  en¬ 
courages  working  from  home,  but  only  9%  of 
employees  do  —  significantly  short  of  the 
department  goal  of  15%,  according  to  Rita 
Franklin,  Energy  Department  deputy  chief 
human  capital  officer.  But  the  demographics  of 
the  department  reflect  a  workforce  that  aver¬ 
ages  49  years  of  age  —  what  she  terms  the 
dinosaur  generation  —  that  is  skeptical  about 
telework,  according  to  Telework  Exchange’s 
account  of  her  presentation  to  the  forum. 

That  is  bad  news  for  the  Bureau  of  Engraving 
and  Printing,  which  is  in  charge  of  minting 
money  Michael  O’Leary  the  bureau’s  program 
manager  in  operations  support,  says  that  offer¬ 
ing  work-at-home  programs  is  partially  intend¬ 
ed  to  delay  a  “retirement  tsunami”  that  could 
gut  the  agency  of  its  most  experienced  workers. 

Meanwhile,  CISOs  are  directed  to  NIST  rec¬ 
ommendations  for  securing  mobile  devices. 
These  include  strong  authentication  and  log¬ 
ging  all  activity  by  remote  users  and  guarding 
those  logs. 

The  guidelines  also  call  for  physical  security 
such  as  cabling  laptops  in  place  if  they  are 
used  in  one  location  for  a  long  period  and  es¬ 
tablishing  a  procedure  for  reclaiming  tele¬ 
commuting  gear  if  an  employee  is  fired. 

Training  users  is  also  key  to  any  home-worker 
program,  including  education  about  risks  and 
the  proper  use  of  security  software,  NIST  says. 

The  recommendations  call  for  double-wrap- 
ping  laptops  in  personal  firewalls,  residing  on 
the  device  as  software  and  a  second  hardware 
based  firewall  sitting  between  the  device  and 
the  Internet. The  hardware  device  can  include 
a  VPN. 

See  Federal,  page  34 


How  the  Feds  protect  mobile  data 

A  survey  of  35  of  117  federal  CISOs  found  these  methods  are  being  used 
to  guard  against  data  theft: 


Remote  data  deletion  for  lost  or  | 
stolen  devices:  46°o  | 

VPN  for  remote  connections:  57°o  I 

Multifactor  authentication:  69°o  ! 

Annual  user  data-security  training:  94% 


SOURCE:  TELEWORK  EXCHANGE 


32  •  SEPTEMBER  24,  2007  •  www.networkworld.com 


WHEN  INFORMATION  AVAILABILITY  MATTERS 


\  t  ,  Cjj .4 ill  v" 

TO  SEE  THE  TOP  SEVEN  ROADBLOCKS  COMPANIES  FACE  IN  ACHIEVING  INFORMATION  AVAILABILITY 
AND  FIND  OUT  HOW  TO  AVOID  THEM  VISIT  WWW.AVAILABILITY.SUNGARD.COM/IA,  ' 

.  *  v  Vj  )  *Ay  v- 5W  fc-tSFl*'' 

...  h-'f:  \ fMm1  • 

:  .  ;•  ‘ 

■  A.  i  •  «  ! ’•  ■r'.jS.K:  t  \  i. 


SUNGARD  Sfltt 

Availability  Services  Connected : 

680  East  Swedesford  Road,  Wayne  PA  19087 
800-468-7483  |  www.availability.sungard.com 


SunGard.  Setting  new  standards  for 
Information  Availability  by  delivering 
a  range  of  solutions  that  meet  your 
specific  availability  objectives.  Flexible 
enterprise  wide  solutions  from  IT 
management  to  AdvancedRecoverySM. 
2,500  experts.  Three  decades  of 
experience.  100%  successful 
recovery  track  record. 


To  see  how  SunGard  can  help 
improve  your  IT  availability  stop 
by  www.availability.sungard.com 
or  call  800-871-5857  today. 


NEWS  ANALYSIS 


Daylight-saving  time  issue  redux 

Nov.  4  is  key  deadline  for  rolling  out  patches 


Daylight-saving  time  checklist 

“Fall  back"  has  another  meaning  this  year  as  corporations  return  to  the 
daylight-saving  issues  they  corrected  in  the  spring  and  recheck  systems 
rolled  out  since  then  to  assure  they  are  patched. 

Take  inventory  of  servers,  desktops  and  applications  that  were  rolled  out  after  March  11, 
the  day  daylight-saving  time  kicked  in  this  year. 

Focus  particularly  on  Windows  PCs,  Java  programs,  calendaring,  billing  and  other  time- 
related  applications. 

Check  with  vendor  Web  sites  to  confirm  what  patches  are  needed  and  validate  those 
patches  are  installed. 

Verify  thatWindows  desktops  and  servers  using  automatic  updates  viaWindows  Server 
Update  Services  have  downloaded  and  installed  patches. 

Check  other  copies  of  Windows-based  systems,  especially  those  that  are  not  automatically 
updated. 

Complete  testing  by  Oct.  28. That  is  the  day  unpatched  systems  will  revert  to  standard 
time,  which  is  one  week  before  the  new  date  Nov.  4. 

Be  aware  that  network  time  servers  will  not  solve  the  problem. 


BY  JOHN  FONTANA 

The  daylight-saving  time  scramble  of  last 
spring  may  be  in  need  of  a  cleanup  this  fall 
for  companies  that  spent  the  summer  rolling 
out  new  servers,  desktops  and  time-sensitive 
applications. 

Clocks  will  “fall  back”  to  standard  time  on 
Nov.  4,  but  companies  with  unpatched  sys¬ 
tems  will  fall  back  a  week  earlier,  throwing 
off  calendars,  transaction  systems  and  any¬ 
thing  that  relies  on  clock  time  for  accuracy 
and  execution. 

DST  kicked  off  March  1 1  this  year,  three 
weeks  earlier  than  previously  and  comes  to  a 
close  one  week  later — Nov.  4  instead  of  Oct.  28 
—  as  part  of  the  Energy  Policy  Act  of  2005.That 
milestone  had  corporate  users  scrambling  to 
patch  systems  so  they  would  not  suffer  time- 
related  hiccups  in  their  operating  systems, 
applications  and  other  infrastructure. 

Early  this  year,  most  major  IT  vendors,  includ¬ 
ing  Cisco,  IBM,  Microsoft,  Novell,  Red  Hat  and 
Sun,  rolled  out  DST  fixes  for  their  products. 
Now  the  fall-back  side  of  the  DST  issue  could 
be  a  problem  for  companies  that  rolled  out 
new  computers  or  applications  after  March  1 1 . 
Systems  that  haven’t  been  updated  with  the 
correct  DST  patches  will  revert  to  standard 
time  a  week  early 

“That  will  make  you  an  hour  late  to  all  your 
meetings,”  says  Eric  Schultze,  chief  security  ar¬ 
chitect  for  patch  vendor  Shavlik  Technologies. 
“Companies  without  patch  management  pro¬ 
cesses  that  scrambled  in  March  are  going  to 
scramble  again.”  Machines  that  were  patched 
last  spring  are  set,  he  says. “It  is  the  computers 
you  just  bought  last  month  that  might  not  have 


the  patches  on  them,  or  the  systems  you  have 
rebuilt  that  need  the  patch  reapplied,”  he  adds. 

On  the  Microsoft  Windows  side,  Schultze 
says  even  those  new  Vista  machines  will  need 
a  patch. 

The  good  news  is  that  Windows  users  whose 
systems  are  configured  to  run  Windows 
Server  Update  Services,  Microsoft’s  online 
patch  site,  have  received  the  DST  patch  auto¬ 
matically.  The  patch  supports  Vista,  Windows 
Server  2003  and  XP  SP2.  A  DST  patch  for 
products  in  extended  support,  such  as 


Windows  2000,  XP  Gold  or  XP  SP1,  costs 
$4,000  from  Microsoft.  Patch  vendors  such  as 
Shavlik  have  built  a  replica  of  the  extended 
support  patch,  however,  and  make  it  avail¬ 
able  to  their  customers.  Microsoft  offers  a 
support  center  for  IT  pros. 

Schultze  says  the  DST  issue  won’t  be  nearly  as 
big  as  it  was  in  March.“I  think  for  a  corporation, 
probably  20%  of  their  machines  have  turned 
over  since  spring,  so  it  is  probably  that  percent¬ 
age  of  machines  that  could  be  impacted  and 
need  to  be  checked,”  he  says.  ■ 


Federal 

continued  from  page  32 

“Operating  both  a  software  personal  firewall 
and  a  separate  device  provides  the  opportun¬ 
ity  to  screen  out  intruders  and  to  identify  any 
rogue  software  that  attempts  to  transmit  mes¬ 
sages  from  the  user’s  computer  to  an  external 
system,”  NIST  says. 

Browsers  should  be  configured  to  limit  po¬ 
tential  weaknesses,  such  as  plug-ins,  Java  and 
Active  X,  which  can  increase  the  attack  vectors 
from  Web  sites.  Disabling  or  selectively  remov¬ 
ing  cookies  should  also  be  considered,  NIST 
says.  Similarly,  unused  elements  of  operating 
systems  should  be  disabled.  Both  Web  brow¬ 
sers  and  operating  systems  should  be  kept  up- 
to-date  with  patches. 

Threats  originating  in  e-mail  also  are  a 
worry.  For  example,  the  Department  of 
Justice  has  forbidden  employees  to  use  their 
work  e-mail  from  their  private  home  com¬ 


puters  because  securing  e-mails  as  they 
crossed  the  wire  and  were  stored  proved  to 
be  too  difficult,  according  to  Heretick,  the 
department’s  CISO,  speaking  at  a  Telework 
Exchange  panel. 

Security  isn’t  the  only  hurdle,  or  even  the 
most  difficult  one,  facing  telecommuting, 
according  to  the  latest  report  to  Congress  from 
the  U.S.  Office  of  Personnel  Management. 

Concerns  about  having  enough  people  in 
offices  to  handle  public  demand  is  the  top  bar¬ 
rier  to  adopting  work-at-home  programs,  with 
73%  of  the  78  agencies  that  participated  in  a 
survey  by  the  office.  Next  is  an  organizational- 
culture  bias  against  telecommuting,  at  54%,  fol¬ 
lowed  by  resistance  from  agency  manage¬ 
ment,  at  52%.  Security  came  in  fourth,  at  44%, 
citing  that  as  a  barrier. 

The  top  four  responses  to  these  hurdles  are 
training  managers,  training  workers  who  tele¬ 
commute,  spending  more  on  equipment  and 
bolstering  in-house  marketing  programs  to 


make  telecommuting  seem  more  attractive. 

The  prime  motivation  for  encouraging 
telecommuting  for  federal  workers  remains 
disaster  recovery  which  raises  a  whole  sepa¬ 
rate  set  of  concerns  for  government  IT  secu¬ 
rity  planners.  Not  only  will  devices  used  at 
home  have  to  be  protected,  but  so  will  the 
applications  they  are  accessing,  and  that  set 
of  accessible  applications  can  change  dra¬ 
matically  with  a  sudden  spike  of  home  work¬ 
ers  resulting  from  an  emergency.  Possible  sce¬ 
narios  include  disasters  that  destroy  govern¬ 
ment  offices,  transportation  disruptions  and 
widespread  epidemics  that  quarantine  the 
workforce. 

That  will  mean  somehow  securely  admitting 
workers  to  sensitive  servers  formerly  banned 
from  use  by  remote  workers,  Commerce  De¬ 
partment  CISO  Michael  Castagna  said  at  a  re¬ 
cent  Telework  Exchange  forum. 

“It’s  going  to  force  us  to  rethink  security  on 
the  flyj’he  said.B 
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Stova  Wong,  CIO,  Paul  Hastings 
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At  Paul  Hastings,  a  globally  recognized  law  firm  with  1,200  attorneys  and  18  offices  worldwide,  timely  and  accurate 
communication  of  information  is  a  24/7/365  priority.  Enter  the  superior  enterprise  networking  experience  of 
MASERGY.  Through  a  passionate  dedication  to  the  customer  experience,  our  proven  IP  MPLS  network  offers 
flexible  solutions,  responsive  collaboration,  seamless  global  delivery,  proactive  support  and  simplified  billing. 
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Welcome  to  IBM  Express  Advantage!'  From  the  people  and  Business  Partners  of  IBM.  We  offer 
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priced  simply.  There  are  local  Business  Partners  who  understand  your  industry  and  market.  Plus, 
we  offer  affordable  financing  with  minimal  paperwork  and  easy  approvals.  And  one  number  to  speak 
with  a  concierge  representative  who  can  direct  you  to  a  specialist.  Helping  your  company  innovate 
and  grow  has  just  gotten  easier. 
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A  SPECIAL  REPORT 


GROUPING  DESCRIPTION 

TOTAL  All  respondents 


Network  professionals  generally  earned  annual  salar. 
raises  that  bested  the  national  3.  2%  inflation  rate  by  a  per 

centage  point  or  two  —  and  receiy : 
Vnun  nonninric  hardy  bonuses,  too,  according  to  the 
YOU"  carningS  2007  Network  World  Salary  Survey 


am 

LAN,  WAN  or  network  manager 

Network  architect,  designer,  analyst 
or  database  administrator 

$64,800 

$86,600 

Network  operator,  technician  or  other 
network  operations  staff 

$59,400 

Data  center  manager/architect, 
storage  manager/administrator 

$91,600 

Trainer,  help  desk,  tech  support 

$47,900 

••  =:  1 

Software  or  Web  programmer/developer 

$80,100 

Salaries  are  up,  but  spirits 


'ALL  OOLLAR  FIGURES  ARE  MEAN  AVERAGES  “PERCENT  CHANGES  REFLECT  CHANGES  FROM  2006  TO  2007.  "'TOTAL  COMPENSATION  INCLUDES  BASE  PAY.  BONUS.  STOCK  OPTIONS  AND  OTHER  PAYMENT. 


H  TYPICAL  RAISES  BEAT  NATIONAL 
RATE  OF  INFLATION,  BRINGING 
AVERAGE  BASE  PAY  TO  $86,700.  YET, 
NETWORK  PROFESSIONALS  AREN’T 
HAPPY  WITH  THEIR  SALARY  PACKAGES, 
OUR  ANNUAL  SURVEY  FINDS. 


BY  BETH  SCHULTZ 

A  storm  seems  to  be  brewing  in  the  IT  job  market.  Pay  raises  have 
continued  to  outpace  inflation  and  bonuses  are  downright  impres¬ 
sive  —  1 1 .6%  on  average.Yet,  as  the  2007  Network  World  Salary  Survey 
finds,  dissatisfaction  over  the  salary  package  is  rampant. 

On  average,  the  1,789  respondents  to  this  year’s  salary  survey,  con¬ 
ducted  with  the  help  of  research  firm  King,  Brown  &  Partners,  saw 
their  base  pay  rise  5.2%,  to  $86,700  (see  “Your  earnings,”  at  right). 
On  its  own,  this  doesn’t  sound  all  that  impressive.  But  compared 
with  the  cost  of  living,  it  makes  IT  look  like  a  good  place  to  be.The 
average  inflation  rate  for  2006  was  only  3.2%,  according  to 
Inflationdata.com. 

Yet  respondents  aren’t  particularly  happy  with  their  pay  pack¬ 
ages.  When  asked  to  rank  how  satisfied  they  are  with  18  job  crite¬ 
ria,  overall  compensation  and  base  salary  fared  poorly  compared 
with  how  important  they  are.  Overall  compensation  is  tops  in 
importance,  with  base  salary  at  No.  2,  yet  those  job  criteria  rank  1 1 
and  12,  respectively,  in  the  satisfaction  listing  (see  “Frustrated  with 
the  paycheck,”  page  39). 

Similarly,  respondents  report  dissatisfaction  with  annual  raises. 
That  job  factor  is  No.  7  in  importance  but  ranks  No.  15  in  satisfac¬ 
tion.  Bonuses  and  stock  options  also  are  the  source  of  disappoint¬ 
ment,  ranked  No.  16  and  18  in  satisfaction.  However,  those  job  fac¬ 
tors  aren’t  nearly  as  important  to  them.  Bonuses  come  in  at  No.  16 
and  stock/stock  options  at  the  rock-bottom  No.  18  in  importance. 

That  bonuses  and  stock  options  rank  so  low  in  importance  is 
odd  given  the  hefty  year-over-year  average  increases  reported  — 
11.6%  for  bonuses,  to  an  average  of  $7,700,  and  21.1%,  to  $2,300, 
for  stock/stock  options.  One  explanation  for  this  could  be  that 
respondents  see  these  as  standard  human  resources  fare,  award¬ 
ed  when  a  company  does  well  but  not  as  a  perk  for  doing  a  great 
job  as  a  network  professional  per  say.  This  perception  could  lead 
to  a  lower  importance  rating  compared  with  job  factors  of  a  more 
personal  nature. 

When  adding  base  pay  with  bonuses  and  such  compensation  as 
stock  options,  respondents  are  pulling  in  a  total  of  $97,600  on  aver¬ 
age  this  year,  or  a  6%  rise  over  2006. 

Salary  issues 

As  could  be  expected,  people  in  the  upper-most  IT  echelon  — 
CIOs  and  those  with  senior  vice  president  or  vice  president  titles 
—  received  the  biggest  pay  hikes. Those  totaled  6%  on  average,  to 
a  base  salary  of  $128,300.  Likewise,  those  at  the  lowest  level  — 
LAN  managers,  network  architects,  network  operators  or  techni¬ 


cians,  help  desk  support  staff  and  the  like  —  netted  the  smallest 
raises,  at  5.1%.  Base  salary  for  this  group  averaged  $74,300. 

Staff-level  dissatisfaction  over  salaries  has  been  an  issue  for  Jonathan 
Campbell,  director  of  network  services  at  FirstHealth  of  the  Carolinas, 
a  sprawling  healthcare  network  in  Pinehurst,  N.C.  Campbell  reports 
having  recently  lost  a  couple  of  people  from  his  network  operations 
staff,  at  least  in  part  due  to  pay  issues.  Finding  new  staff  members  was¬ 
n’t  easy’The  biggest  problem  is  salary  he  says. 

The  issue  is  twofold,  Campbell  says.  “Companies  that  have 
extremely  competent  people  are  paying  big  bucks  to  keep  them. 
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Benefits  package  3  10 


Go  to  www.nwdocfinder.com/1724  for  the  full  importance  and  satisfaction  ratings. 


ABOUT  10  TO  20%!’ 

-  DAVID  LAMPERT, 
network  operations  manager,  Physio-Control 


Base  salary  2  12 


paychecks  as  they'd  like 


JOB  CRITERIA 


IMPORTANCE  RANK  SATISFACTION  RANK 


Overall  compensation 
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JED  SHARE 


A  SPECIAL  REPORT 


Hot  IT  skills 


Other  companies  looking  for  new  hires  can’t  meet  the  salary 
demands  to  get  these  individuals  to  leave  their  current  positions. 
So  those  companies  will  pay  less  to  get  a  foreign  [immigrant] 
worker  with  little  experience  but  lots  of  degrees  and  certifications 
to  fill  the  position,  even  though  factors  such  as  customer  satisfac¬ 
tion  may  suffer,”  he  explains. 

Campbell  suggests  this  may  be  leading  to  some  of  the  dissatis¬ 
faction  over  pay  that’s  bubbling  up  from  the  bottom. “I’ve  talked 
to  a  number  of  foreign  workers,  and  most  complain  about  their 
compensation  as  compared  to  their  American-born  counter¬ 
parts,”  he  says. 

Healthcare  isn’t  the  highest-paying  industry,  but  it’s  not  the  lowest, 
either.The  average  annual  increase  for  network  professionals  in  health¬ 
care  was  5%, bringing  base  pay  to  $88,300,  the  survey  finds.Those  work¬ 
ing  at  media,  hospitality,  entertainment  or  recreation  companies 
reported  the  biggest  salary  gains,  of  7.4%  on  average.  However,  average 
base  pay  for  those  companies,  at  $84,500,  is  still  below  the  top-paying 
finance  and  high-tech  sectors.  Average  salaries  for  those  sectors  are 
$97,300  —  a  5. 1  %  increase  from 
2006  —  and  $93,000  —  6.2% 
higher  than  last  year. 

On  the  opposite  end  of  the 
pay  spectrum,  government 
workers  and  military  person¬ 
nel  reported  the  lowest  raises,  at  4.1% 
on  average.  Still,  with  an  average  base 
pay  of  $78,600,  their  salaries  are  slight¬ 
ly  better  than  those  of  their  peers  in 
education.  Respondents  in  education, 
the  lowest-paid  sector,  reported  aver¬ 
age  raises  of  4.6%,  bringing  base  pay  to 
$73,400.  (For  a  look  at  how  geography 
affects  your  salary,  see  “Base  pay  by 
region,”  page  41.) 


Paycheck  vs.  other  job  criteria 

The  good  news  is,  while  a  storm  is 
brewing  over  base  pay  and  total  com¬ 
pensation,  other  factors  are  keeping  a 
real  downpour  of  job  dissatisfaction  at 
bay.  Family  friendliness,  flexibility  of 
work  schedule  and  proximity  to  home 
are  Nos.  11,  12  and  15  in  importance, 
but  respondents  clearly  still  appreciate 
the  warm  fuzzies  they  get  from  them.  In 
satisfaction,  those  criteria  rise  to  the 
Nos.  1, 3  and  4  spots.  Likewise,  respon¬ 
dents  are  quite  pleased  with  job  secu¬ 
rity,  ranked  No.  4  in  importance  and 
No.  2  in  satisfaction. This  is  a  significant 
change  from  the  post-bubble  days, 
when  job  security  was  ranked  more 
important  than  anything  —  even  pay. 

Even  while  they  wish  they  were  better 
compensated,  most  respondents  report 
that  they  like  where  they’re  at  with  their 
jobs.  When  asked  how  satisfied  they  are 
with  their  current  positions  overall, 
nearly  42%  of  respondents  said  they 
were  either  very  satisfied  or  extremely 
satisfied,  and  another  40%  indicated 
that  they’re  satisfied. 

But  a  hierarchy  does  come  into  play. 
Middle  managers  are  more  satisfied 
than  those  in  staff  positions,  and  the 


most  senior  managers  are  more  satisfied  than  both  middle  man¬ 
agers  and  staff  members.  Indicative  of  the  age-old  class  struggle, 
61%  of  dissatisfied  respondents  hold  staff  positions.  The  most 
wanting  of  the  lot  are  trainers,  help  desk  personnel,  technical 
support  staff,  software  developers  and  Web  programmers,  the  sur¬ 
vey  finds. 

On  top  of  salary  issues,  any  number  of  other  factors  could 
explain  why  staff  members  generally  are  more  dissatisfied  overall 
with  their  jobs  than  higher-level  network  professionals.  The  con¬ 
cern  over  outsourcing  lurks  behind  some  of  the  dissatisfaction,  for 
example.  Nearly  17%  of  respondents  reported  being  affected  by 
the  increased  use  of  outsourcing  at  their  places  of  work. 
Respondents  who  work  in  manufacturing,  banking  and  high-tech 
industries  most  often  reported  increased  use  of  outsourcing  at 
their  firms,  as  did  respondents  within  the  largest  companies. 

Concern  over  job  replacement  is  certainly  valid,  as  outsourcing 
proves  an  increasingly  viable  option  for  companies  that  need  tal¬ 
ented  workers  quickly  and  inexpensively, says  David  Lampert.net- 


Windows  administrators  are  in  high  demand,  but  plentiful.  Experts  in  security, 
storage  and  networking  are  much  wanted,  too,  but  harder  to  find. 

For  the  first  time,  we  asked  participants  in  our  annual  salary  survey 
project  to  tell  us  about  their  hiring  plans.  Of  the  1,100  respondents  with  hiring 
authority,  about  half,  or  54%,  have  job  openings.  Respondents  in  the  high-tecn 
and  healthcare  sectors  most  frequently  report  being  in  hiring  mode,  while 
those  in  the  transportation  and  at  nonprofits  least  frequently. 

Among  those  hiring,  Windows  administrators  are  in  the  biggest  demand  but  also 
are  expected  to  be  the  easiest  to  find,  Also  in  high  demand"  are  network  design¬ 
ers,  architects  and  operations  technicians  (versed  in  Cisco  networking,  VoIP 
technology  and  network  management,  for  example).  Survey  respondents  say, 
however,  these  folks  will  be  tough  to  find, 

Here's  a  look  at  the  hiring  picture; 


%  WHO  PLAN 

TO  HIRE 

JOB  SKILLS  WANTED 

HIRING 

DIFFICULTY 

RATING* 

%  EXPECTING 
DIFFICULTY  IN 
HIRING 

%  EXPECTING 

EASE  IN  HIRING 

46% 

Custom  software 

programming/database 

programming 

3.42 

49% 

21% 

51% 

Storage  architect,  data 
archiving/backup 

3.46 

50% 

18% 

51% 

Windows  administration 

2.39 

18% 

57% 

54% 

Web  applications  develop- 
ment/database 

3.08 

38% 

35%  ' 

58% 

Security  architect, 
security  administrators, 
security  response  team 

3.7 

58% 

12% 

60% 

Data  center  manage¬ 
ment/architect 

3.38 

46% 

19% 

60% 

Open  source/Linux  admin¬ 
istrators 

3.25 

42% 

24% 

71% 

Network  designer,  archi¬ 
tect,  operations  technicians 

3.44 

50% 

20% 

73% 

Wireless  LAN  design, 
management 

3.09 

34% 

29% 

TOTAL  NUMBER  OF  RESPONDENTS  «  588  'MEAN,  ON  A  1-T0-5  SCALE  FHOM  EASY  TO  TOUGH  TO  fINO  *  ‘THOSE  SELECTING  4  AND  5.  “‘THOSE  SELECTING  1  AND  2. 

SOURCE.  2007  NETWORK  WORLO  SALARY  SURVEY 
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work  operations  manager  at  Physio-Control,  a 
Redmond,  Wash.,  business  unit  of  Medtronic,  a 
$12  billion  global  manufacturer  of  medical 
devices.  Eastern  Europe,  in  particular,  has  a  gold¬ 
mine  of  great  outsourcing  talent  waiting  to  be 
tapped,  he  says. 

Lampert  manages  five  people,  all  of  whom  work 
for  a  Ukraine  outsourcer. Things  couldn’t  be  better, 
he  says.  They  are  well  educated,  have  extremely 
high  levels  of  professionalism  and  an  admirable 
work  ethic,  plus  have  mastered  English,  he  says. 

“Outsourcing  has  worked  extremely  well  for  us,” 
Lampert  says.  Physio-Control  makes  the  external 
defibrillators  used  by  emergency  medical  ser¬ 
vices  (EMS)  and  hospital  teams, and  also  found  in 
such  public  places  as  airports  and  schools.  Using 
cell-phone  data  networks,  the  company  moves 
data  —  EKGs  —  from  the  sophisticated  defibrilla¬ 
tors  used  by  EMS  teams  to  ER  professionals  and 
cardiologists  in  near  real  time  so  diagnosis  begins 
while  the  cardiac  patient  is  en  route  to  the  hospi¬ 
tal.  Lampert  manages  the  data-center  operations 
that  facilitate  the  communication  between  the 
devices  and  the  caregivers,  and  relies  on  his  out¬ 
sourced  employees  to  handle  a  wide  range  of 
tasks,  from  software  development  to  network 
design  and  operations  and  day-to-day  infrastruc¬ 
ture  management. 

Job  opportunities 

Certainly  the  network  job  market  is  vibrant,  and  new 
job  opportunities  abound,  according  to  the  survey 
But,  as  Lampert  suggests,  finding  local  talent  isn’t 
always  easy 

Of  the  1,100  survey  respondents  with  hiring 
authority,  slightly  more  than  half  are  on  the  prowl 
for  new  workers,  with  the  hottest  job  markets  in  the 
South  Atlantic,  Northern  Midwest  and  Pacific 
regions.  The  hiring  news  is  especially  good  for 
those  with  network  skills,  as  71%  of  respondents 
are  looking  to  hire  designers,  architects  or  opera¬ 
tions  technicians  with  Cisco,  VoIP  and  network- 
management  know-how.  But  hot  skills  also  fall 
across  a  number  of  other  categories,  with  data-cen- 
ter  management,  security  operations,  wireless  LAN 
(WLAN)  design  and  Windows  administration 
among  them. 

Interestingly,  only  Windows  administrators  are 
expected  to  be  easy  to  find,  the  survey  finds. Those 
who  are  well  versed  in  WLAN  design  and  manage¬ 
ment  and  Web  application  development  will  be 
moderately  easy  to  find,  while  security  profession¬ 
als  seem  to  be  the  most  elusive  (see  “Hot  IT  skills,” 
page  40). 

With  employers  on  the  hunt  and  pay  dissatisfaction 
creeping  in,  fewer  people  in  general  are  feeling  loyal  to 
their  employers,  the  survey  finds. A  slightly  larger  num¬ 
ber  of  respondents  —  54%  —  either  are  seeking  a  new 
position  or  would  follow  up  upon  learning  about  job 
opportunities  than  those  who  aren’t  really  interested 
in  leaving  their  jobs, at  46%  (See“Loyalty  ratings,”  at  top 
right).  If  they  are  looking,  respondents  most  often  cite 
more  challenging  work  and  advancement  opportuni¬ 
ties  and  —  no  surprise  —  better  base  salary  plus  total 
compensation  and  benefits.  ■ 


for  new  work,  too. 


Fewer  people  express  absolute  loyalty  to  their 
jobs  this  year,  but  fewer  are  aggressively  looking 
over  the  past  five  years,  network  professionals 
have  been  fairly  consistent  with  their  approach  to  new  job  opportunities, 
with  people  absolutely  looking  for  new  jobs  and  those  with  steadfast 
commitments  to  their  current  employees  in  the  minority. 


2003 

2004 

2005 

2006 

2007 

Seekers  (on  the  prowl) 

12% 

13% 

13% 

15% 

13% 

Explorers  (keeping  their  eyes  open) 

40% 

39% 

39% 

40% 

41% 

Approachables  (not  looking,  but  would 
respond  to  a  personal  inquiry) 

32% 

32% 

32% 

29% 

33% 

Loyalists  (committed  to  current  employer) 

16% 

16% 

16% 

16% 

13% 

The  unsatisfied  worker 


The  2007  Network  World  Salary  Survey 
finds  these  characteristics  are  typical 
of  network  professionals  who  are  more  dissatisfied  with  their  jobs  than  not: 


•  Has  been  in  current  position  six  years  or  longer  and  promoted  only  once  or 
not  at  all. •Makes  less  than  $60,000  a  year  in  a  staff-level  position, 
particularly  working  on  software  and  Web  development,  training  or  does  help 
desk  or  tech  support.  •  Has  no  direct  reports.  •  Is  not  expecting  to  receive  a 
bonus  in  2007.  •  Works  at  a  company  with  more  than  1,000  employees,  often 
in  manufacturing.  •  Lives  in  a  Middle  Atlantic  state.  •  Has  earned  a  bachelor's 
degree  vs.  holding  no  college  degree, 


Base  pay  by  region  j  rfWT  ■! §;  ®  ) 

2007 
base  pay* 

$87,300 

%  change 
from  ’06 

5.8% 

Mew  England  (Conn.,  Maine,  Mass.,  N.H.,  R.I.,  Vt.) 

Middle  Atlantic  (N.Y.,  Pa.,  N.J.) 

$93,800 

4.8% 

Northern  Midwest  (ill.,  lnd„  Ohio,  Mich.,  Wis.) 

$82,000 

4.9% 

Northwest  (Iowa,  Minn.,  N.D.,  S.D.,  Mo.,  Kan.,  Neb.) 

$73,800 

4.7% 

South  Atlantic  (Fla,  Ga„  Md„  Del.,  N.C.,  S.C.,  Va.t  W.Va.) 

$88,100 

6.0% 

Southern  Midwest  (Ala.,  Ky„  Miss.jenn.) 

$76,200 

5.0% 

Southwest  (Ark.,  Okla.,  La., Texas) 

$84,500 

5.8% 

West  (Ariz.,  Colo.,  Idaho,  Mont.,  N.M.,  Nev.,  Utah,  Wyo.) 

$89,400 

5.9% 

Pacific  (Alaska,  Calif.,  Hawaii,  Ore.,  Wash.) 

$94,900 

4.9% 

SOURCE:  2007  NETWORK  WORLD  SALARY  SURVEY 
*  MEAN  AVERAGE 
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Five  tips  for  how  to  get  more  out  of  your  job 


FTWQRK  WORin 


Network  executives  share  their  success  factors 


salary  survey 2007 


1.  Arm  yourself  with  salary  statistics  when  you  meet  for  your  annual 
review.  Patti  Henderson,  IT  director  at  Boise,  Idaho,  law  firm 
Givens  Pursley,  got  an  above-average  8%  raise  this  year  by 
using  statistics  to  show  her  superiors  how  comparatively  infe¬ 
rior  her  salary  was.The  statistics  came  from  IT  sources,  such 
as  the  2006  Network  World  Salary  Survey,  as  well  as  from  the 
American  Legal  Association.  “I’ve  been  following  salary  sur¬ 
veys  for  the  last  three  years  . . .  and  I  requested  a  substantial 
raise  on  the  idea  that  here  are  all  these  surveys  [showing  that 
I’m  underpaid  for  the  work  I  do],"  she  says. 

2.  Increase  your  chances  of  getting  budget  approvals  by  knowing 
when  the  company’s  financials  look  strong.  IT  Manager  Pam 
Davey  says  this  tactic  has  worked  well  for  her  at  Buyers 
Products,  a  Cleveland  company  that  makes  products  for 
the  mobile  equipment  industry.  While  not  required  to  sub- 


1 


2007  Salary  Calculator 

Get  a  persona!  estimate  of  how 
much  you  should  be  making. 

www.nwdocfinder.com/1721 

Regional  outlook 

Click  on  this  interactive  map  to 
find  out  salary  statistics  and  the 
job  outlook  for  where  you  live  and 
work,  www.nwdocfinder.com/1722 


mit  a  formal  budget,  Davey 
does  keep  the  company  con¬ 
troller  regularly  up-to-date  on 
her  long-term  spending 
requirements.  But  she  also 

tracks  the  bottom  line  so  “I  know  when  the  time  is  right  to 
ask  for  more  money,”  she  says. 

3.  If  your  company  has  an  education  benefit,  take  advantage  of  it  Going 
back  to  school,  whether  for  a  bachelor’s  degree,  master’s 
degree  or  a  doctorate,  not  only  benefits  you  but  also  sets  a 
great  example  for  peers  and  direct  reports,  says  Jonathan 
Campbell,  director  of  network  services  at  FirstHealth  of  the 
Carolinas,  an  expansive  healthcare  network  based  in  Pinehurst, 
N.C.  Campbell  is  taking  advantage  of  FirstHealth's  education 
benefit  as  he  works  on  his  master’s,  he  says. 

4.  Grab  every  opportunity  to  cross-train  that  you  can  reasonably 
handle.  Even  as  the  top-level  network  executive, 
FirstHealth’s  Campbell  knows  there’s  always  more  to 
learn  about  networking.  With  that  in  mind,  he  says  he’s 
excited  by  talk  of  a  new  Cisco  certification  program  for 
network  architects.  “There  a  lot  of  [Cisco  Certified 
Internetworking  Experts],  and  I’m  one  of  them,  who 
spend  a  lot  of  configuration  time  but  don’t  really  under¬ 
stand  the  architecture  piece  that  everything  relates  to  a 
whole  as  far  as  the  unified  system  itself —  voice,  data 
and  integrating  mobile  devices,  and  doing  the  traffic 
engineering.  With  this  new  certification,  we’ll  finally  be 
able  to  address  that,”  Campbell  says. 


Career  chat 

Engage  in  a  live  text  chat  with 
IT  recruiter  Matt  Colarusso, 
with  Sapphire  Technologies. 
www.nwdocfinder.com/1723 


Statistics  galore 

Assess  your  salary  and  more  with  detailed 
breakouts  on: 

•TOTAL  COMPENSATION  •BONUSES  *HOT  SKILLS 
•LOYALTY ‘JOB  SATISFACTION 
www.nwdocfinder.com/1724 


David  Lampert,  network  operations  manager  at  Physio- 
Control,  a  Redmond,  Wash.,  business  unit  of  medical 
device  maker  Medtronic,  agrees.The  best  network  execu¬ 
tives  are  those  who  take  a  multidisciplinary  approach,  he 
says.  After  all,  he  adds,  "the  No.  1  rule  of  networking  is  to 
know  your  applications."  For  example,  Lampert  calls  net¬ 
working  his  strong  suit,  but  says  he  can  hold  his  own  in 
systems,  applications  and  other  IT  disciplines. 

5.  If  you  dream  of  promotions  and  big  salaries,  identify  a  long¬ 
term  career  goal  and  stick  to  it.  That  doesn’t  mean  you  can’t 
make  adjustments,  but  don't  get  derailed  by  getting  too 
steeped  in  one  type  of  technology  or  pulled  too  deeply 
into  the  business  side  —  you  need  a  good  mix  of  technol¬ 
ogy  and  business,  Physio-Control’s  Lampert  says.  As 
you  take  each  step  down  your  career  path,  you’ve  got  to 
stop  yourself  and  ask,  "Am  I  fundamentally  on  my  way  to 
achieving  that  goal?”  he  says. 

—  BETH  SCHULTZ 
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TAKE  TH  E  H  EAT 

OFF  YOUR  SERVER. 

Xeon 

inside' 

AND  YOU. 

Quad-core. 

Unmatched. 

IBM  System  x3400  Express 
$1,699  (Save  $1,107) 


OR  $45/' MONTH1 

IBM  System  x™  Express  has  a  built-in  intelligent  cooling 
design  that  reduces  heat  in  your  server.  So  you  can 
pack  it  with  more  memory,  CPUs  and  hard  drives  when 
you  need  to.  Maximizing  every  square  inch  of  the  server. 
And  giving  you  more  control  over  costs. 

From  the  people  and  Business  Partners  of  IBM: 

It’s  innovation  made  easy. 


THE  ULTIMATE  BALANCE  OF  FLEXIBILITY  AND  PERFORMANCE. 
PRICED  RIGHT  FOR  SMALL  TO  MID-SIZED  BUSINESSES. 

PN:  7975ECU 

Featuring  a  Quad-Core  Intel® 

Xeon®  processor 

Calibrated  Vectored  Cooling  helps 
prolong  system  life  by  helping  to 
keep  internal  components  cool 

2  GB  of  FBD  PC2-5300  memory 

Support  for  up  to  8  hot-swap 
Serial  Attached  SCSI  (SAS), 
or  Serial  ATA  (SATA)  hard  disk 
drives  (HDDs)  with  optional 
4-pack  upgrade 

3-year  on-site  limited  warranty2 
on  parts  and  labor.  An  upgraded 
3-year,  24x7,  on-site  repair  with 
a  4-hour  response  is  available. 

PN:  21P2078,  $600.00 


IBM  SYSTEM  x3650  EXPRESS 

$2,599  (SAVE  $788) 

OR  $69/  MONTH1 

PN:  7979EAU  _ 

Features  a  Quad-Core  Intel  Xeon  processor 
4  GB  of  FBD  PC2-5300  memory 

Advanced  power  management  and  Calibrated  Vectored  Cooling  help  lower 
data  center  electricity  and  cooling  costs 

Up  to  six  3.5"  SAS  or  SATA  HDDs  or  up  to  eight  2.5"  SAS  HDDs  and 
internal  tape  backup  option  for  storage  protection 

3-year  on-site  limited  warranty2  on  parts  and  labor.  An  upgraded  3-year,  24x7, 
on-site  repair  with  a  4-hour  response  is  available.  PN:  21 P2078,  $600.00 


Up  to  25%  off  select  System  x  Express  servers 
with  Intel  Xeon  Quad-Core  processors.3 

For  a  limited  time  only,  save  up  to  25%  on  eligible  System  x 
Express  Quad-Core  servers.  Available  through  ibm.com 
and  IBM  Business  Partners  until  October  30. 


IBM  SYSTEM  STORAGE  DS3200  EXPRESS 

$4,199  (SAVE  $760) 

OR  $111/ MONTH1 

PN: 172621 E 

External  disk  storage  with  3  Gbps  Serial  Attached  SCSI  (SAS)  interface  technology 

Easy  to  deploy  and  manage  with  the  DS3000  Storage  Manager 

Scalable  to  3.6  TB  of  storage  capacity  with  300  GB  hot-swappable  SAS  disks 

Product  includes  an  IBM  SAS  HBA  controller  and  IBM  3m  SAS  cable 

Built-in  reliability  features  with  dual-redundant  power  supplies  standard 

3-year  on-site  limited  warranty2  on  parts  and  labor 


=  =-r  =zz=  express 


=====T=®  advantage™ 

ibm.com/systems/cool 
1  866-872-3902  (mention  6N7AH41  A) 


1.  IBM  Global  Financing  offerings  are  provider!  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  tor  planning  putposes 
only  and  may  vary  based  oil  your  credit  and  other  factors.  Lease  otter  provided  is  based  on  ari  FMV  lease  ot  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice. 

2.  IBM  hardware  products  are  manufactured  from  new  parts,  or  new  and  serviceable  used  parts.  Regardless,  our  warranty  terms  apply.  For  a  copy  of  applicable  product  warranties,  visit  ibni.com/servers/support/machine_warranties  oi  write  to:  Warranty 
Information,  P.0.  Box  12196,  RTF',  NC  27709,  Attn:  Dept.  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or  services,  including  those  designated  as  ServerProven*  or  ClusterProven*  Telephone  support  may  be  subject  to 

additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  On-site  warranty  is  available  only  for  selected  components.  Oplionaf  same-day  service  response  is  available  on  select  systems 
at  an  additional  charge  3.  Otter  ends  October  31. 2007,  arid  is  subject  to  the  terms  and  conditions  of  the  IBM  System  x  Express  Quad-Core  promotion.  IBM,  the  IBM  logo,  IBM  Express  Advantage,  System  x  and  System  Storage  are  trademarks  or  registered 
trademarks  of  Internationa!  Business  Machines  Corporation  in  the  United  States  and/or  other  countr  ies.  For  a  complete  list  of  IBM  trademarks,  see  ibm.com/legal/copytrade.shtnil.  Intel  end  Xeon  are  registered  trademarks  of  Intel  Corporation.  Alt 
other  products  may  be  trademarks  or  registered  trademarks  of  their  respective  companies.  All  prices  and  savings  estimates  are  based  upon  IBM's  estimated  retail  selling  prices  as  of  August  1. 2007.  Prices  and  actual  savings  may  vary  according 
to  contiguration  Resellers  set  their  own  prices,  so  reseller  prices  and  actual  savings  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  otter  the  products, 
features,  or  services  discussed  in  this  document  in  other  countries.  Prices  are  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard  drive,  operating  system  or  other  features.  Contact  your  IBM  representative  or  IBM  Business 
Partner  for  the  mo?t  current  pricing  in  your  geographic  area  ©2007  IBM  Corporation.  All  rights  reserved 


E-MAIL  NEWSLETTER  SHOWCASE:  NETWORK  OPTIMIZATION 


Learning  from  experience 


BY  ANN  BEDNARZ 

It’s  not  hard  to  find  companies  that  are  jump¬ 
ing  into  WAN  optimization.  Every  month  there 
are  a  handful  of  press  releases  announcing 
new  customers  that  have  signed  on  to  pur¬ 
chase  different  vendors’  gear.  What’s  more  rare 
is  finding  an  old  pro:  Liz  Claiborne. 

The  apparel  company  has  used  traffic-shap¬ 
ing  gear  from  Packeteer  for  six  years.  Joe  Yan- 
kauskas,IT  director  with  Liz  Claiborne, says  the 
company  deployed  Racketeer’s  PacketShaper 
appliances  to  prioritize  and  deliver  its  busi¬ 
ness-critical  applications,  including  its  ERP  and 
retail  management  applications. 

Six  years  ago,  HTTRCIFS  and  MAPI  traffic  was 
consuming  too  much  bandwidth, imposing  per¬ 


NEWS  ALERTS 

Hate  hunting  for  stories  on  a  specific 
topic?  Let  the  news  come  to  you  with 
Network  World’s  latest  news  alerts 
with  focuses  on  security,  financials, 
standards,  trade  show  news  and  ven¬ 
dor-specific  news. 

www.nwdocfinder.com/1002 


formance  penalties  on  essential  network  traffic, 
he  says.“The  original  impetus  was  to  make  sure 
that  our  mission-critical  business  applications 
were  delivered  to  the  sites  and  didn’t  have  con¬ 
flict  with  non-mission-critical  applications  like 
e-mail  and  regular  HTTP  traffic.” 

Prioritizing  voice  traffic  is  another  key  use  of 
traffic-shapers.  Liz  Claiborne  started  deploying 
VoIP  technology  three  years  ago  and  today  it 
has  about  5,000  VoIP  phones  in  use.  “Voice 
requires  the  highest  priority  traffic  on  the  net¬ 
work  because  you  can’t  retransmit  voice  pack¬ 
ets.  If  you  drop  a  packet,  you  get  the  jitter  and 
scratchiness  on  the  phone,”  he  says. 

Liz  Claiborne  has  deployed  the  PacketShaper 
appliances  at  its  corporate  data  center  and 
roughly  40  satellite  offices,  which  are  net¬ 
worked  via  a  variety  of  T-l  and  DS-3  circuits. 
PacketShapers  have  “become  staple  as  we  roll 
out  new  sites,  new  locations’ ’Yankauskas  says. 

But  while  the  company’s  deployment  dates 
back  six  years,  that  doesn't  mean  it’s  not 
dynamic. 

One  thing  that  is  new  is  Liz  Claiborne’s  in¬ 
progress  rollout  of  Racketeer’s  Report  Center 
software,  which  will  enable  the  IT  department 
to  centrally  monitor  traffic  and  perform  trend 
analyses.The  software  creates  a  dashboard  that 
consolidates  to  make  it  easier  for  administra¬ 


tors  to  spot  throughput  issues  and  track  net¬ 
work  behavior,  for  example. 

“They  can  see  how  each  circuit  is  performing 
and  determine  whether  or  not  they  have  to 
fine-tune  any  of  the  parameters  and  shaping  to 
give  more  availability  to  a  particular  applica¬ 
tion, ’’Yankauskas  says. 

Without  Report  Center,  reviewing  metrics  re 
quires  pulling  data  from  each  device.“You  have 
to  attach  to  each  PacketShaper  at  each  site  and 
pull  down  the  reports,”  he  says. 

Yankauskas  is  hopeful  the  Report  Center  soft¬ 
ware,  once  fully  operational,  will  help  Liz  Clai¬ 
borne  more  accurately  evaluate  and  predict 
bandwidth  requirements.  With  Report  Center, 
the  IT  team  will  be  able  to  “do  careful  analysis 
to  determine  exactly  when  we  need  an 
upgrade  and  when  we  don’t  need  an  upgrade,” 
he  says.  ■ 


ONLINE:  In  your  in-box 

Sign  up  for  this  or  any  of  Network 
World's  many  other  e-mail  newslet¬ 
ters. 

www.nwdocfinder.com/1002 


Bringing  Your  Assets*  Into  Focus 


Without  a  comprehensive  IT  asset  management  solu¬ 
tion  in  place,  you  may  only  be  seeing  half  the  picture. 
That  presents  clangers  like  system  downtime  from  im¬ 
proper  upgrades,  poor  customer  service,  overpaying 
on  license  fees  and  inappropriate  usage  of  software/ 
internet  by  employees. 

NetSupport  DNA  facilitates  central  management  of 
your  enterprise  IT  assets  in  a  secure,  coordinated  and 
efficient  manner.  NetSupport  DNA  is  available  in  a 
modular  format  including  Hardware  and  Software  In¬ 
ventory,  Alerting  and  Change  History  with  Software 
Distribution,  Application/Internet  Usage  Metering,  PC 
Remote  Control  and  Web-Based  Helpdesk. 

NetSupport  DNA  provides  a  flexible  solution  that  can 
be  operational  in  under  30  minutes  and  requires  no 
additional  training  or  certification. 

Discover  assets. 

Uncover  inefficiencies. 

Recover  costs. 

Get  the  whole  picture  with  NetSupport  DNA. 
NfcTbUPPORT 

DNA 


j  sales@netsupport-inc.com  770-205-4456  jjj  www.netsupportdna.com 


Turn  back  network  time. 


Stop  missing  critical  events. 

For  a  trusted  approach  to  problem  resolution  rely  on  the  Network  Instruments®  GigaStor™ 
appliance.  Everything  is  recorded — every  packet,  every  protocol,  every  transaction  for 
hours,  days,  even  weeks.  The  unique  GigaStor  interface  provides  an  effective  way  to  go 
back  in  time  to  determine  not  only  when  the  application  went  down  but  why. 


Resolve  intermittent  problems,  track  compliance  efforts,  isolate  VoIP  quality  issues, 
and  more  on  the  most  complex  WAN,  Gigabit,  and  1 0  GbE  networks.  Find  out  how  you 

can  turn  back  the  clock  with  the  GigaStor.  After  all,  your  network  history  shouldn't  be  a 
thing  of  the  past. 


GigaStor:  Get  proof.  Take  action.  Move  forward. 


NETWORK* 

INSTRUMENTS 


Learn  more  about  GigaStor.  800-526-5958 

www.Networklnstruments.com/TimeTravel 


©  2007  Network  Instruments,  LLC.  All  rights  reserved.  GigaStor,  Network  Instruments,  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+49-(0)5226-9820930 
+65  6324  2322 
+617  3388  1540 


www.rose.com 

281  933  7673  800  333  9343 

ROSE  ELECTONICS  10707  STANCUFF  ROAD  -  HOUSTON,  TEXAS  77099 
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RELAX.  YOU’RE  IN  CONTROL  NOW. 

Manage  remote  offices  from  wherever  you  are. 

Secure  your  Data  Center.  No  software  licensing  fees. 


State  of  the  art  security 

Dependable,  Powerful,  Secure,  Guaranteed 

24/7  Mission  Critical  Reliability 

Industry  Best  Video 

USB,  PS/2,  Serial  Support  . 


::  UltraLink™  usb,  PS/2,  Serial  Support 

Digital  KVM  IP  slng,e' Dual' Quad  Models 


Dig  iuii  ivvpi  ir 
Switches 

Swkch  &  control  1,000s 
of  computers  &  network 
devices  over  IP 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


r'luiu-piairorm 
KVM  switches 

Switch  &  control  1,000s  of 
computers  and  network 
devices 

Advanced  Security 
High  resolution 
On-screen  menu 
USB,  PS/2,  Sun,  Serial 


KVM  Extenders 


Extends  keyboard,  video, 
and  mouse  signals  up  to 
33,000  feet 

Flier,  CATx 
DVI,  VGA,  High  Res. 
PS/2,  USB,  Sun 
Audio,  Serial 


KVM  Rack  Drawers! 


The  most  efficient  way  to 
organize  your  server  room. 

1U  or  2U,  VGA,  DVI 
15",  17",  19"  or  20" 
PS/2,  USB,  or  Sun 
Touchpad  or  Trackball 


Panel  Mount  LCD 


Mounts  vertically  in  a 
standard  19”  rack. 


15"  17",  19",  20",  or  23" 

VGA,  DVI,  S-Video 
Optional  Touchscreen 
Optional  Built-in  KVM  Extenders 


Introducing  the 


www.networkTAPs.com 


Efficiently  aggregate  full-duplex  data  into 
your  analysis  or  security  device. 

•  Supports  10/100/1000 

•  Stream  into  two  different  devices 

•  Rack  mount  up  to  three  across 

•  Supports  all  commercial  analysis  systems 

•  Also  works  with  open-source  tools 

Learn  more.  Visit  www.networkTAPs.com. 


Buffer  options: 

256  MB . $1/495 

512  MB . $1,995 


dTAP 
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Choose  from  a  variety  of  configurations,  options,  and  pricing.  Plus  a 
complete  line  of  copper  and  optical  nTAPs  for  full-duplex  analyzer  systems. 
Free  overnight  delivery* 

www.networkTAPs.com  •  1-866-GET-nTAP 


PC  C  €  (§>  X 

N  fret  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  (un.  Central  Time. 
©  2007  Network  Instruments,  LIC  nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  lit. 


Instantly  Search  Terabytes  of  Text 

fyfTnrn  intinfruMmiininir - - -  . 


earc 


Instantly  Search  | 
Terabytes  ofText^ 


Web  wit 

* 

Publish  for 


Contact  dtSearch  for 
fuliy-functional  evaluations 

The  Smart  Choice  for 
Text  Retrieval®  since  1991 


♦  over  two  dozen  indexed,  unindexed, 
fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF, 
while  displaying  links,  formatting  and 


images 


♦  converts  other  file  types  (database, 
word  processor,  spreadsheet,  email 
and  attachments,  ZIP,  Unicode,  etc.)  to 
HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic 
Web  content,  with  WYSWYG 
hit-highlighting 

♦  API  supports  .NET,  C++,  Java,  SQL 
databases.  New  .NET  Spider  API 


dtSearch*  Reviews 

♦  "Bottom  line:  dtSearch  manages  a 
terabyte  of  text  in  a  single  index  and 
returns  results  in  less  than  a  second" 

-  Info  World 

♦  "For  combing  through  large  amounts 
of  data,  dtSearch  "leads  the  market” 

-  Network  Computing 

♦  "Blindingly  fast"-  Computer  Forensics: 
Incident  Response  Essentials 

♦  "Covers  all  data  sources  ...  powerful 
Web-based  engines"  -  eWEEK 

♦  "Searches  at  blazing  speeds" 

-  Computer  Reseller  News  Test  Center 

♦  "The  most  powerful  document  search 
tool  on  the  market"-  Wired  Magazine 

For  hundreds  more  reviews  —  and 
developer  case  studies  —  see 
www.dtsearch.com 
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moving  into  the  corporate  world.  Kids  use 
blogs,  wikis  and  social-networking  tools  to  in¬ 
teract  with  each  other,  and  they  expect  the 
same  in  the  workplace. 

“Your  users  will  do  it  behind  your  back,  bring 
this  stuff  in  and  make  it  part  of  their  processes, 
and  eventually  you’ll  have  to  deal  with  it  any- 
wa^’  Phifer  said. 

Just  as  customers  and  sellers  rate  each  other 
on  eBayyoung  people  use  Web  sites  to  rate  the 
physical  attributes  of  peers,  pop  culture,  teach¬ 
ers  and  products. 

“In  the  enterprise,  they’re  going  to  rate  you, 
they’ll  rate  their  bosses,  they’ll  rate  peers. 
They’re  going  to  rate  customers,”  Austin  said. 

Gartner  projects  a  42%  compound  annual 
growth  rate  in  the  Web  2.0  market  through 
2011.  The  analyst  firm  classifies  the  market  as 
“early  emerging.”  By  way  of  comparison,  e-mail 
and  ERP  are  classified  as  somewhere  between 
maturity  and  decline,  while  Web  conferencing 
is  high  growth. 

Analysts  urged  IT  executives  to  nurture  this 
growth,  perhaps  with  MySpace-like  Web  pages 
where  employees  can  describe  themselves. 
Building  on  the  collaborative  aspects  of  Web 
2.0  can  increase  innovation. 
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Take  Procter  &  Gamble.  P&G’s  research  and 
development  used  to  take  place  entirely 
within  the  Cincinnati  company.  Using  collab¬ 
orative  Web  sites,  such  as  InnoCentive,  the 
company  over  the  past  few  years  has  tapped 
the  brain  power  of  moonlighters,  students, 
engineers  and  housewives  to  develop  ideas 
for  new  products,  Austin  said.  Today,  40%  of 
P&G’s  new  products  are  based  on  external 
research  and  development,  he  said. 

A  business  called  Threadless,  which  makes  T- 
shirts,lets  people  submit  design  ideas  and  vote 
on  them.  Threadless  picks  the  winners  each 
week  and  gives  them  $2,000  and  starts  printing 
the  shirts.  The  Chicago  company  has  thus  ex¬ 
ternalized  product  design,  market  testing  and 
has  a  built-in  market  of  people  who  like  the 
shirts,  Austin  said. 

In  both  cases,  IT  acted  as  an  enabler. 

You  can  use  Web  2.0  to  speed  up  problem 
resolution,  raise  employee  skill  levels,  make 
e-mail  more  effective,  and  improve  the  shar¬ 
ing  and  reuse  of  information  and  knowl¬ 
edge,  he  said. 

Virtual  worlds,  such  as  Second  Life,  aren’t 
really  mature  yet,  because  they  are  hard  to 
navigate,  Austin  said.  But  there  are  plenty  of 
options  today  in  addition  to  blogs  and  wikis, 
such  as  rich  profiles  for  employees,  shared 


Microsoft 
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said.“A  lot  of  this  stuff  you  have  not  seen  yet.” 

After  a  brief  tour  through  the  history  of  SQL 
Server,  Kummet  said  the  community  technolo¬ 
gy  preview  (CTP)  program  launched  with  SQL 
Server  2008  has  allowed  users  to  have  a  huge 
effect  on  product  development.  He  said  the 
June  CTP  would  be  followed  by  two  more  and 
that  the  final  release  of  SQL  Server  2008  is  still 
on  target  for  the  second  quarter  of  2008,  even 
though  it  will  be  featured  in  a  “launch  event”  in 
February  with  Windows  Server  2008  and  Visual 
Studio  2008. 

Kummert  wrapped  his  messages  about  posi¬ 
tioning  SQL  Server  2008  around  data  ware¬ 
housing  and  his  observation  that  corporations 
are  experiencing  a  data  explosion  driven  by 
new  data  types,  including  multimedia.  That 
development  is  forcing  the  database  to  push 
beyond  storing  just  relational  data  and  to 
develop  new  management,  productivity  and 
developer  tools,  he  said. 

“What’s  driving  this  is  the  evolution  of  data 
types,”  Kummert  said. “It  includes  images,  stills, 
video,  data  from  sensors  such  as  RFID,  the  Web 
and  digitization  of  existing  assets.  There  is  a 
whole  new  set  of  data  types  that  you  want  to 
use  in  your  business  process  applications. 
There  is  compliance, policies  around  retention 
which  brings  life-cycle  management  chal¬ 
lenges  with  it.” 

With  that  in  mind,  he  said  SQL  Server  2008 
would  stand  on  four  foundational  elements:  a 
solid  data  platform  in  terms  of  reliability,  scale 
and  security;  operational  cost  reductions 


bookmarks  and  tagging,  which  lets  both  the 
creators  and  consumers  of  information 
assign  labels  to  that  information. 

One  conundrum  businesses  face  is  decid¬ 
ing  where  Web  2.0  is  appropriate.  If  you’re 
trying  to  ascertain  facts  or  perform  deep 
analysis,  a  strict  authority  structure  is  proba¬ 
bly  best,  said  Anthony  Bradley,  a  Gartner 
research  director.  If  you’re  looking  to  pro¬ 
mote  innovation,  diversity  of  ideas  or  to 
ascertain  people’s  perceptions,  a  more  col¬ 
laborative  structure  is  called  for.“lf  there’s  no 
strong  community  aspect  to  it,  it’s  not  a  good 
fit  for  Web  2.0,”  he  said. 

Typically  anonymity  should  not  be  allowed 
because  it  will  be  abused,  analysts  said.  But 
placing  too  many  restrictions  will  stifle  inno¬ 
vation, so  be  prepared  to  “repair  some  vandal¬ 
ism,”  as  one  analyst  put  it. 

Budgeting  for  these  new  technologies  may 
be  a  challenge,  but  it  shouldn’t  be  a  deal- 
breaker,  Phifer  said. 

Mashup  technology  might  cost  a  few  hun¬ 
dred  thousand  dollars,  while  blogging  and 
wiki  tools  could  cost  a  few  thousand.  But 
that’s  not  as  expensive  as  acquiring  and  man¬ 
aging  a  traditional  software  infrastructure. 
“You’re  not  looking  at  humongous  invest¬ 
ments,”  Phifer  said.  ■ 


through  such  mechanisms  as  self-maintaining 
systems,  support  for  new  data  types,  and  uni¬ 
versal  quick  access  to  data. 

Users  running  SQL  Server  2005  are  tracking 
those  developments. 

“I  am  here  to  look  at  the  BI  track,”  said 
Quentin  Fleurat,  manager  of  information  tech¬ 
nology  programming  for  Bresnan  Communi¬ 
cations,  a  broadband  telecommunications 
provider  in  Purchase,  N.Y  He  also  said  he  is 
tracking  the  Filestream  feature  in  SQL  Server 
2008  that  lets  users  store  a  pointer  in  a  data¬ 
base  used  to  retrieve  unstructured  data  from  a 
file  server,  a  much  faster  and  cheaper  alterna¬ 
tive  than  storing  and  retrieving  that  data  from  a 
database.  Bresnan  has  a  home-grown  applica¬ 
tion  to  perform  that  task. 

“We  retain  our  customer  statements  for  two 
years  and  will  eventually  have  a  file  system 
with  17  to  19  terabytes  of  data,”  he  said. 

But  regardless  of  need,  he  says  an  SQL  Server 
2008  rollout  is  at  least  a  year  away. 

“We  always  wait  for  the  first  service  pack  and 
then  we  will  set  up  a  test  environment  and 
start  tracking  issues  others  companies  are  hav¬ 
ing,”  he  said. 

Kummert  then  launched  into  a  series  of 
demos  highlighting  features  around  manage 
ment,  the  use  of  new  data  types,  productivity 
gains  for  developers,  and  expansion  of  the 
database’s  user  population. 

He  showed  off  the  Declarative  Management 
Framework,  a  new  policy-based  management 
framework  that  ensures  mandated  system  con¬ 
figurations,  such  as  preventing  the  use  of  cer¬ 
tain  database  schemas,  and  support  for  Intelli- 
sense  features  to  simplify  administration.  IB 
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Resources  to  help  users  better  support  data  centers 


DATA  CENTER  CHALLENGES  (%  indicating  "Very  Challenging"  or  "Challenging") 


53%  Troubleshooting  software  problems 

50%  Maintaining  disparate  applications 

48%  Issuing  software  patches 

48%  Ensuring  adequate  performance 
and  availability 

41  %  Safeguarding  the  data  center  from 
physical  disaster 

40%  Scaling  the  environment  up  and  down  for 
demand  peaks  and  valleys 


39%  Having  enough  physical  space  in  the 
data  center 

34%  Adequately  cooling  equipment 

30%  Understanding  the  interdependence  of 
data  center  equipment 

28%  Dealing  with  power  outages 

23%  Troubleshooting  hardware  problems 

23%  Keeping  track  of  the  equipment  in  the 
data  center 


Today's  challenges  of  supporting  a 
data  center  include  virtual  server 
sprawl,  ongoing  migration  to  blade 
servers,  mounting  cooling  demands,  a 
never  ending  need  for  more  power,  the 


Five  Strategies  for  Cutting  Data 
Center  Energy  Costs  Through 
Enhanced  Cooling  Efficiency 


See  how  to  optimize  your  data  center 
efficiency  through  virtualization,  digital 
system  controls  and  emerging  ^ 
monitoring  capabilities.  EMERSON 


Network  Power 


rising  costs  of  energy  and  more. 


Network  World  can  help  you  alleviate 
these  challenges  with  a  collection  of 
resources  that  offer  concrete  suggestions 
and  plans  of  action. 


_ mmmui 

Welcome  to 
Network  World's 
Perspectives  Editorial 
Webcast 


Virtual  Server  Management 


i'  l  . . 


Network  World  Editorial  Webcast: 
Virtual  Server  Management 
-Weighing the  Options 

Virtual  server  sprawl  is  a  byproduct  of  virtual¬ 
ization.  Discover  new  tools  designed  to  help 
alleviate  the  management  issues  involved. 

V  Gateway. 


Go  to: 

www.networkworld.com/DataCenterResearch 

for  all  data  center  research. 
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A  Unified  Approach  to  Workload 
Lifecycle  Management 

Find  out  why  your  organization  should  consider 
adopting  a  unified  approach  to  managing  work¬ 
loads  in  the  data  center. 
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Best  Practices  to  Control  Your 
Data  Center 

Read  about  solutions  that  help  IT  shops  better 
support  remote  data  center  maintenance  with 
this  in-depth  whitepaper. 

Avocent 

Th*  Point  of  doing  There. 
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Dealing  With  Hippos 


Mark  Gibbs 


o  you’re  thrashing  out  the  final  details  of, 

I  say,  how  to  implement  the  next  phase  of 
your  CMS  or  ERP  system.You ’ve  gone 
from  the  big  picture  (“We  need  a  system  to 
...”)  and  after  countless  meetings  finally  got 
BACKSPIN  down  to  the  details  (“We  need  these  fields  on 
this  form  and  this  link  will  point  to  do 
You’re  feeling  good.You’ve  finessed  the 
departmental  politics  and  got  all  of  the  stake¬ 
holders  in  broad  agreement.You’ve  lined  up  the  budget,  the  resources 
hell,  you  can  see  the  goal  posts  in  sight.You  can  make  this  happen! 

You  are  an  IT  god!  And  then  .... 

And  then  in  comes  the  Hippo. The  Hippo 
could  be  your  boss,  the  CIO,  the  vice  president 
of  sales,  the  CTO  or  even  the  CEO. You  might 
be  a  big  fish  in  the  organizational  pond,  but 
the  Hippo?  Well,  he’s  a  Hippo.  A  much  bigger 
beast  than  you. 

The  Hippo’s  pitch  usually  goes  something 
like, “Hey  that’s  cool  but  what  about  ...?”What  follows  is  often  bizarre, 
irrelevant,  capricious,  vague,  foolish,  simplistic,  ridiculous,  aggravating 
or  pointless.  Or  all  those  things  at  the  same  time. 

Whatever  it  is,  the  Hippo  is  on  a  different  page.  He  may  have  the 
right  book  and  sometimes  even  the  right  chapter,  but  he  has  chosen  a 
page  you  have  never  seen  let  alone  read. 

“What  we  need  is  ...’’says  the  Hippo, and  the  result  —  if  you’re  lucky 
—  is  a  new  field  or  a  new  green  button  on  a  user  interface  that  has 
bugger  all  to  do  with  what  you  need  to  achieve.  If  you’re  unlucky  he’s 
going  to  invent  a  whole  new  business  process  that  no  one  needs. 

The  Hippo’s  reasoning  for  whatever  he  thinks  to  be  crucial  is  usually 


fi*The  Hippo’s  reasoning  for 
whatever  he  thinks  to  be 
crucial  is  usually  vague.55 


vague.  For  something  like  a  green  button  he  may  mutter  something 
about  an  article  he  read  years  ago  in  the  Reader’s  Digest  that  said  that 
humans  recognize  objects  in  green  faster  than  other  colors  because 
when  we  were  all  dragging  our  knuckles  on  the  ground  it  aided  our 
survival.  And  he’s  not  kidding.  He  really  believes  this  makes  sense. 

Your  problem  is  how  to  make  the  Hippo  happy  because  an  unhappy 
Hippo  at  best  means  you’re  going  to  get  into  a  knock  down,  drag  ’em 
out  fight  (a  battle  of  wits  with  an  unarmed  man  is  never  much  fun), 
and  at  worst  could  leave  you  concerned  about  your  job. 

While  I  have  had  my  fair  share  of  run-ins  with  Hippos,  I  hadn’t  heard 
them  called  such  until  I  had  lunch  last  week  with  my  old  friend  Jim 
Sterne.  Jim  is  president  of  the  Web  Analytics  Association  (he  asked  me 

to  tell  you  his  next  conference  is  forthcoming 
—  visit  www.nwdocfinder.com/1739)  and  it 
turns  out  in  the  rarified  atmosphere  of  e-met¬ 
rics  the  concept  of  organizational  Hippos  is 
commonplace. 

The  reason  this  group  has  identified  the 
Hippo  is  that  they  have  an  answer  for  him: 
Measure.  Whatever  it  is  —  a  green  button,  a  field  on  a  form,  a  new 
business  process  —  track  it  and  see,  in  detail,  how  it  performs.  When 
you  get  hard  evidence  that  something  doesn’t  work  then  you  have 
grounds  for  getting  rid  of  it. 

Until  you  have  evidence,  you  and  the  Hippo  will  just  butt  heads  and 
you  know  whose  is  bigger.  It’s  a  case  of  speak  softly  and  carry  a  big 
measuring  stick. 

There  are  not  a  lot  of  hippos  where  Gibbs  lives  in  Ventura,  Calif.  But  if 
you  have  your  own  Hippo  horror  stories,  please  share  at 
backspin  @gibbs.  com. 
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•-mails  sent  my  way  last  week  indicate  that 
i  Ameritrade  received  explicit  and  repeated 
iwarnings  from  an  IT  security  expert  start¬ 
ing  Jan  9, 2006,  that  its  customer  data  had 
apparently  been  compromised,  placing  the 
start  of  this  latest  high-profile  breach  much  ear¬ 
lier  than  previously  reported  —  and  likely 
pushing  it  into  2005. 

Nevertheless,  the  company  insisted  for  the 
next  20  months  that  a  flood  of  stock-related 
spam  being  received  by  numerous  clients  was  not  indicative  of  a  more 
serious  problem. 

They  couldn’t  have  been  more  wrong. 

Following  that  January  2006  email, subsequent  warnings  from  multi¬ 
ple  sources  —  including  a  column  in  May  by  my  Network  World  col¬ 
league  Mark  Gibbs  —  also  failed  to  prompt  the  company  to  alert  its 
clients.  Only  on  Sept.  14  did  Ameritrade  publicly  acknowledge  that 
“unauthorized  code”  on  its  systems  had  “allowed  certain  information 
stored  in  one  of  our  databases,  including  email  addresses,  to  be 
retrieved  by  an  external  source.” 

More  than  6  million  customer  accounts  were  exposed,  although 
Ameritrade  contends  there  has  been  no  known  identity  fraud  associat¬ 
ed  with  the  breach. 

“I  warned  Ameritrade  of  a  security  breach  in  January  of  2006,  which 
means  that  it  likely  occurred  in  mid-  to  late-2005,”says  Joshua  Fritsch, 
who  sent  the  Jan.  9, 2006,  e-mail  and  provided  copies  of  his  subse¬ 
quent  exchange  with  Ameritrade.  Fritsch  has  15  years  of  experience  in 
networking,  including  “security  design  and  management  fora  global 
financial  firm.” 

Ameritrade  stubbornly  stands  by  its  decision  to  hold  off  on  an  earlier 
public  notification,  saying  the  alien  code  was  discovered  only  recently 


plenty  of  red  flags 

“We  didn’t  know  how  the  information  was  getting  out,”  says  com¬ 
pany  spokeswoman  Kim  Hillyer.  “We  didn’t  know  the  scope  of  the 
issue.” 

Asked  if  prudence  might  have  suggested  an  earlier  alert  —  given 
the  number  of  sources  and  the  expertise  of  those  warning  the 
company,  coupled  with  all  the  internal  uncertainty  —  Hillyer  fell 
back  on  her  talking  points  and  insisted  there  was  nothing  more 
they  could  have  done. 

The  company  is  already  being  sued  over  the  spam  deluge,  and  can 
certainly  expect  to  hear  from  more  lawyers. 

While  Fritsch  does  not  have  a  copy  of  the  first  email  he  sent  to 
Ameritrade  —  it  was  submitted  via  a  Web  form  and  not  copied  back  to 
him  —  he  told  me  that  it  went  like  this: 

“I  created  ameritrade@unixgeeks.org  just  for  use  with  your  company, 
and  it  was  never  distributed  anywhere  else.Thus,your  database  has 
been  compromised  either  by  a  hacker,  or  one  of  your  employees  sell¬ 
ing  the  data.” 

Here’s  what  he  got  back  from  Ameritrade,  dated  Jan.  9, 2006: 

“ Mr.  Fritsch, 

The  Spam  e-mail  you  are  receiving  is  not  a  result  of  Ameritrade 
sharing  or  selling  any  contact  information,  nor  do  we  believe  any 
information  has  been  compromised.  The  cornerstone  of  our  Privacy 
Statement  is  the  commitment  to  keep  our  clients  personal  informa¬ 
tion  confidential. . . . 

Several  Spam  methods  do  not  depend  on  using  purchased  or 
intercepted  lists  of  existing  or  valid  e-mail  accounts.  Spammers  also 
use  known  “ brute  forcing" or  dictionary  techniques.  Brute  forcing 
e-mails  basically  starts  with  something  like  a@doeinvestor.net, 
aa@doeinvestor.net,  aaa@doeinvestor.net,  aab@doeinvestor.net, 

See  'Net  Buzz,  page  30 
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SEE  US  AT  ANY  OF  THESE  SHOWS! 


Manage  Any  Data  Center. 
Anytime.  Anywhere. 


Infrastructure  Mgt.  World 

Scottsdale,  AZ  -  Booth  TBD 
Sept.  10  - 12 

VM  World 

San  Francisco,  CA  -  Booth  1113 
Sept.  11  - 13 

AFCOM  Data  Center  World 

Dallas,  TX  -  Booth  436 
Sept.  17 -18 

High  Perf.  on  Wall  Street 

New  York,  NY -Booth  216 
Sept.  17 

IDC  Enterprise  Infra.  Forum 

New  York,  NY -Booth  TBD 
Sept.  20 

Interface  Salt  Lake  City 

Salt  Lake  City,  UT  -  Booth  309 
Oct.  4 

GEOINT 

San  Antonio,  TX  -  Booth  374 
Oct.  22-24 

Interop  New  York  Fall 

New  York,  NY  -  Booth  543 
Oct.  24  -  25 

AFCEA  Asia-PAC  TechNet 

Honolulu,  HI  -  Booth  516 
Nov.  4  -  9 

Super  Computing 

Reno,  NV  -  Booth  164 
Nov.  12 -15 

LISA 

Dallas,  TX  -  Booth  200 
Nov.  14  - 15 

DaCEY  Awards 

Atlanta,  GA 
Nov.  15 

Gartner  Data  Center  Conf. 

Las  Vegas,  NV  -  Booth  TBD 
Nov.  27-30 

Interface  Seattle 

Seattle,  WA  -  Booth  206 
Nov.  28 


Avocent  builds  hardware  and  software  to  access,  manage  and  control  any  IT  asset  in  your 
data  center,  online  or  offline,  keeping  it,  and  your  business,  “always  on”. 


Visit  us  on  our  Remote  Control  Tour.  For  locations  near 
you,  go  to  www.avocent.com/remotecontrol. 
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Alternative  Thinking  About  Reliability: 
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Quad-core. 

Unmatched. 
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The  HP  ProLiant  DL380  G5  server  comes  with  Systems  Insight 
Manager  (SIM)  software.  HP  SIM  has  shown  an  average 
reduction  in  server  downtime1  of  77%,  by  monitoring  your  system 
and  alerting  you  of  potential  server  problems  before  they  occur. 

Technology  for  better  business  outcomes. 


•  IS®  f  *  : 


HP  ProLiant  DL380  G5 

$2249  (Save  $1078) 


HP  StorageWorks  Ultrium 
448  Tape  Drive  SA5  Bundle2 


lease  for  as  low  as  $58/mo3  for  48  months 
Check  hp.com  for  the  most  up-to-date  pricing 

Smart  (PN:  470064-511) 

•  Quad-Core  Intel®  Xeon®  Processor 

•  2GB  PC2-5300  memory 

•  Supports  small  form  factor,  high-performance 
SAS  or  low-cost  SATA  hard  drive 

•  Smart  Array  P400  controller 

•  Integrated  Lights-Out  (iL02),  Systems  Insight 
Manager,  SmartStart 

Get  More: 

Smart  24x7,  4  hour  response,  3  years 

{PN:  UE894E)  $689 

Smart  Add  1GB  additional  memory, 

(PN:  397409-S21)  $189 

.  ';W.. 


lease  for  as  low  os  $54/mo3  for  48  months 
(PN:  AG739A) 


•  400GB  compressed  capacity  in  half-height 
form  factor 


>  Ships  with  Data  Protector  Express  Software, 
One  Button  Disaster  Recovery,  a  1U 
Rockmount  Kit,  and  a  Host  Bus  Adapter 


Get  the  full  story  in  the  IDC  white  paper  at  hp.com/ go/ sim  1  0 
or  call  1-877-726-81  15 


1 .  IOC  White  Paper  sponsored  by  HP,  Gaining  Business  Value  and  ROI  with  HP  Systems  Insight  Manager,  Doc  #206761 ,  May  2007.  2.  Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change 
and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount  and  are  good  while  supplies  last.  All  featured  offers  available  in  U.S.  only.  Savings  based  on  HP 
published  list  price  of  configure-to-order  equivalent  ($3627  -  $1 378  instant  savings=  SmartBuy  price  $2249).  3.  Financing  available  through  Hewlett-Packard  Financial  Services  Company  (HPFS)  to  qualified  commercial  customers  in  the  US  and 
subject  to  credit  approval  and  execution  of  standard  HPFS  documentation.  Prices  shown  are  based  on  a  lease  48  months  in  term  with  a  fair  market  value  purchase  option  at  the  end  of  the  term.  Rates  based  on  an  original  transaction  size  between 
$3,000  and  $25,000.  Other  rates  apply  for  other  terms  and  transaction  sizes.  Financing  available  on  transactions  greater  than  $349  through  October  31 , 2007.  HPFS  reserves  the  right  to  change  or  cancel  these  programs  at  any  time  wilhout 
notice.  Intel,  the  Intel  Logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©  2007  Hewlett-Packard  Development  Company,  L.P  The  Information 
contained  herein  is  subject  to  change  without  notice. 


